کتاب Red Hat System Design Guide
Red Hat Enterprise Linux 8 System Design Guide Designing a RHEL 8 system نسخه 2021
توضیحات
بیشک برای فعالیت در حوزه تجارت و حوزه های دیگر از جمله ادمینی لینوکس، یکی از بهترین سیستم عامل ها، سیستم عامل Red Hat میباشد. از این رو کتاب
Red Hat Enterprise Linux 8 System Design Guide Designing a RHEL 8 system نسخه 2021 برای ادمین های لینوکس، را برای شما مهیا کردهام تا در این راه با سرعت بیشتری پیش بروید. این کتاب معتبر، کتاب آموزش رسمی سایت Red Hat میباشد.
نکته: این کتاب به صورت PDF میباشد.
مشخصات کتاب:
زبان: انگلیسی
تعداد صفحات: 1068
نویسنده: Red Hat
فرمت فایل دانلودی: PDF
جهت دانلود کتاب میتوانید از لینک زیر اقدام نمایید:
سرفصلها:
MAKING OPEN SOURCE MORE INCLUSIVE
PROVIDING FEEDBACK ON RED HAT DOCUMENTATION
PART I. DESIGN OF INSTALLATION
CHAPTER 1. INTRODUCTION
1.1. SUPPORTED ARCHITECTURES
1.2. INSTALLATION TERMINOLOGY
CHAPTER 2. PREPARING FOR YOUR INSTALLATION
2.1. RECOMMENDED STEPS
2.2. AVAILABLE INSTALLATION METHODS
2.3. SYSTEM REQUIREMENTS
2.4. INSTALLATION BOOT MEDIA OPTIONS
2.5. TYPES OF INSTALLATION ISO IMAGES
2.6. DOWNLOADING THE INSTALLATION ISO IMAGE
2.6.1. Downloading an ISO image from the Customer Portal
2.6.2. Downloading an ISO image using curl
2.7. CREATING A BOOTABLE INSTALLATION MEDIUM
2.7.1. Creating a bootable DVD or CD
2.7.2. Creating a bootable USB device on Linux
2.7.3. Creating a bootable USB device on Windows
2.7.4. Creating a bootable USB device on Mac OS X
2.8. PREPARING AN INSTALLATION SOURCE
2.8.1. Types of installation source
2.8.2. Specify the installation source
2.8.3. Ports for network-based installation
2.8.4. Creating an installation source on an NFS server
2.8.5. Creating an installation source using HTTP or HTTPS
2.8.6. Creating an installation source using FTP
CHAPTER 3. GETTING STARTED
3.1. BOOTING THE INSTALLATION
3.1.1. Boot menu
3.1.2. Types of boot options
3.1.3. Editing boot options
Editing the boot: prompt in BIOS
Editing the > prompt
Editing the GRUB2 menu
3.1.4. Booting the installation from a USB, CD, or DVD
3.1.5. Booting the installation from a network using PXE
3.2. INSTALLING RHEL USING AN ISO IMAGE FROM THE CUSTOMER PORTAL
3.3. REGISTERING AND INSTALLING RHEL FROM THE CDN USING THE GUI
3.3.1. What is the Content Delivery Network
3.3.2. Registering and installing RHEL from the CDN
3.3.2.1. Installation source repository after system registration
3.3.3. Verifying your system registration from the CDN
3.3.4. Unregistering your system from the CDN
3.4. COMPLETING THE INSTALLATION
CHAPTER 4. CUSTOMIZING YOUR INSTALLATION
4.1. CONFIGURING LANGUAGE AND LOCATION SETTINGS
4.2. CONFIGURING LOCALIZATION OPTIONS
4.2.1. Configuring keyboard, language, and time and date settings
4.3. CONFIGURING SYSTEM OPTIONS
4.3.1. Configuring installation destination
4.3.1.1. Configuring boot loader
4.3.2. Configuring Kdump
4.3.3. Configuring network and host name options
4.3.3.1. Adding a virtual network interface
4.3.3.2. Editing network interface configuration
4.3.3.3. Enabling or Disabling the Interface Connection
4.3.3.4. Setting up Static IPv4 or IPv6 Settings
4.3.3.5. Configuring Routes
4.3.3.6. Additional resources
4.3.4. Configuring Connect to Red Hat
4.3.4.1. Introduction to System Purpose
4.3.4.2. Configuring Connect to Red Hat options
4.3.4.3. Installation source repository after system registration
4.3.4.4. Verifying your system registration from the CDN
4.3.4.5. Unregistering your system from the CDN
4.3.5. Configuring Security Policy
4.3.5.1. About security policy
4.3.5.2. Configuring a security policy
4.3.5.3. Related information
4.4. CONFIGURING SOFTWARE OPTIONS
4.4.1. Configuring installation source
4.4.2. Configuring software selection
4.5. CONFIGURING STORAGE DEVICES
4.5.1. Storage device selection
4.5.2. Filtering storage devices
4.5.3. Using advanced storage options
4.5.3.1. Discovering and starting an iSCSI session
4.5.3.2. Configuring FCoE parameters
4.5.3.3. Configuring DASD storage devices
4.5.3.4. Configuring FCP devices
4.5.4. Installing to an NVDIMM device
4.5.4.1. Criteria for using an NVDIMM device as an installation target
4.5.4.2. Configuring an NVDIMM device using the graphical installation mode
4.6. CONFIGURING MANUAL PARTITIONING
4.6.1. Starting manual partitioning
4.6.2. Adding a mount point file system
4.6.3. Configuring a mount point file system
4.6.4. Customizing a partition or volume
4.6.5. Preserving the /home directory
4.6.6. Creating software RAID
4.6.7. Creating an LVM logical volume
4.6.8. Configuring an LVM logical volume
4.7. CONFIGURING A ROOT PASSWORD
4.8. CREATING A USER ACCOUNT
4.8.1. Editing advanced user settings
CHAPTER 5. COMPLETING POST-INSTALLATION TASKS
5.1. COMPLETING INITIAL SETUP
5.2. REGISTERING YOUR SYSTEM USING THE COMMAND LINE
5.3. REGISTERING YOUR SYSTEM USING THE SUBSCRIPTION MANAGER USER INTERFACE
5.4. REGISTRATION ASSISTANT
5.5. CONFIGURING SYSTEM PURPOSE USING THE SYSPURPOSE COMMAND-LINE TOOL
5.6. SECURING YOUR SYSTEM
5.7. DEPLOYING SYSTEMS THAT ARE COMPLIANT WITH A SECURITY PROFILE IMMEDIATELY AFTER AN
INSTALLATION
5.7.1. Deploying baseline-compliant RHEL systems using the graphical installation
5.7.2. Deploying baseline-compliant RHEL systems using Kickstart
5.8. NEXT STEPS
APPENDIX A. TROUBLESHOOTING
A.1. TROUBLESHOOTING AT THE START OF THE INSTALLATION PROCESS
A.1.1. Dracut
A.1.2. Using installation log files
A.1.2.1. Creating pre-installation log files
A.1.2.2. Transferring installation log files to a USB drive
A.1.2.3. Transferring installation log files over the network
A.1.3. Detecting memory faults using the Memtest86 application
A.1.3.1. Running Memtest86
A.1.4. Verifying boot media
A.1.5. Consoles and logging during installation
A.1.6. Saving screenshots
A.1.7. Resuming an interrupted download attempt
A.1.8. Cannot boot into the graphical installation
A.2. TROUBLESHOOTING DURING THE INSTALLATION
A.2.1. Disks are not detected
A.2.2. Reporting error messages to Red Hat Customer Support
A.2.3. Partitioning issues for IBM Power Systems
A.3. TROUBLESHOOTING AFTER INSTALLATION
A.3.1. Cannot boot with a RAID card
A.3.2. Graphical boot sequence is not responding
A.3.3. X server fails after log in
A.3.4. RAM is not recognized
A.3.5. System is displaying signal 11 errors
A.3.6. Unable to IPL from network storage space
A.3.7. Using XDMCP
A.3.8. Using rescue mode
A.3.8.1. Booting into rescue mode
A.3.8.2. Using an SOS report in rescue mode
A.3.8.3. Reinstalling the GRUB2 boot loader
A.3.8.4. Using RPM to add or remove a driver
A.3.9. ip= boot option returns an error
APPENDIX B. SYSTEM REQUIREMENTS REFERENCE
B.1. HARDWARE COMPATIBILITY
B.2. SUPPORTED INSTALLATION TARGETS
B.3. SYSTEM SPECIFICATIONS
B.4. DISK AND MEMORY REQUIREMENTS
B.5. RAID REQUIREMENTS
APPENDIX C. PARTITIONING REFERENCE
C.1. SUPPORTED DEVICE TYPES
C.2. SUPPORTED FILE SYSTEMS
C.3. SUPPORTED RAID TYPES
C.4. RECOMMENDED PARTITIONING SCHEME
C.5. ADVICE ON PARTITIONS
APPENDIX D. BOOT OPTIONS REFERENCE
D.1. INSTALLATION SOURCE BOOT OPTIONS
D.2. NETWORK BOOT OPTIONS
D.3. CONSOLE BOOT OPTIONS
D.4. DEBUG BOOT OPTIONS
D.5. STORAGE BOOT OPTIONS
D.6. DEPRECATED BOOT OPTIONS
D.7. REMOVED BOOT OPTIONS
APPENDIX E. CHANGING A SUBSCRIPTION SERVICE
E.1. UNREGISTERING FROM SUBSCRIPTION MANAGEMENT SERVER
E.1.1. Unregistering using command line
E.1.2. Unregistering using Subscription Manager user interface
E.2. UNREGISTERING FROM SATELLITE SERVER
APPENDIX F. ISCSI DISKS IN INSTALLATION PROGRAM
CHAPTER 6. COMPOSING A CUSTOMIZED RHEL SYSTEM IMAGE
6.1. IMAGE BUILDER DESCRIPTION
6.1.1. Introduction to Image Builder
6.1.2. Image Builder terminology
6.1.3. Image Builder output formats
6.1.4. Image Builder system requirements
6.2. INSTALLING IMAGE BUILDER
6.2.1. Image Builder system requirements
6.2.2. Installing Image Builder in a virtual machine
6.2.3. Reverting to lorax-composer Image Builder backend
6.3. CREATING SYSTEM IMAGES WITH IMAGE BUILDER COMMAND-LINE INTERFACE
6.3.1. Image Builder command-line interface
6.3.2. Creating an Image Builder blueprint with command-line interface
6.3.3. Editing an Image Builder blueprint with command-line interface
6.3.4. Creating a system image with Image Builder in the command-line interface
6.3.5. Basic Image Builder command-line commands
6.3.6. Image Builder blueprint format
6.3.7. Supported Image Customizations
6.3.8. Installed Packages
6.3.9. Enabled Services
6.3.10. Disks and Partitions Configuration using Image Builder
6.4. CREATING SYSTEM IMAGES WITH IMAGE BUILDER WEB CONSOLE INTERFACE
6.4.1. Accessing Image Builder GUI in the RHEL 8 web console
6.4.2. Creating an Image Builder blueprint in the web console interface
6.4.3. Editing an Image Builder blueprint in the web console interface
6.4.4. Adding users and groups to an Image Builder blueprint in the web console interface
6.4.5. Creating a system image with Image Builder in the web console interface
6.4.6. Adding a source to a blueprint
6.4.7. Creating a user account for a blueprint
6.4.8. Creating a user account with SSH key
6.5. PREPARING AND UPLOADING CLOUD IMAGES WITH IMAGE BUILDER
6.5.1. Preparing for uploading AWS AMI images
6.5.2. Uploading an AMI image to AWS
6.5.3. Pushing images to AWS Cloud AMI
6.5.4. Preparing for uploading Azure VHD images
6.5.5. Uploading VHD images to Azure
6.5.6. Uploading VMDK images to vSphere
6.5.7. Pushing VHD images to Azure cloud
6.5.8. Uploading QCOW2 image to OpenStack
6.5.9. Preparing for uploading images to Alibaba
6.5.10. Uploading images to Alibaba
6.5.11. Importing images to Alibaba
6.5.12. Creating an instance of a custom image using Alibaba
CHAPTER 7. PERFORMING AN AUTOMATED INSTALLATION USING KICKSTART
7.1. KICKSTART INSTALLATION BASICS
7.1.1. What are Kickstart installations
7.1.2. Automated installation workflow
7.2. CREATING KICKSTART FILES
7.2.1. Creating a Kickstart file with the Kickstart configuration tool
7.2.2. Creating a Kickstart file by performing a manual installation
7.2.3. Converting a RHEL 7 Kickstart file for RHEL 8 installation
7.2.4. Creating a custom image using Image Builder
7.3. MAKING KICKSTART FILES AVAILABLE TO THE INSTALLATION PROGRAM
7.3.1. Ports for network-based installation
7.3.2. Making a Kickstart file available on an NFS server
7.3.3. Making a Kickstart file available on an HTTP or HTTPS server
7.3.4. Making a Kickstart file available on an FTP server
7.3.5. Making a Kickstart file available on a local volume
7.3.6. Making a Kickstart file available on a local volume for automatic loading
7.4. CREATING INSTALLATION SOURCES FOR KICKSTART INSTALLATIONS
7.4.1. Types of installation source
7.4.2. Ports for network-based installation
7.4.3. Creating an installation source on an NFS server
7.4.4. Creating an installation source using HTTP or HTTPS
7.4.5. Creating an installation source using FTP
7.5. STARTING KICKSTART INSTALLATIONS
7.5.1. Starting a Kickstart installation manually
7.5.2. Starting a Kickstart installation automatically using PXE
7.5.3. Starting a Kickstart installation automatically using a local volume
7.6. CONSOLES AND LOGGING DURING INSTALLATION
7.7. MAINTAINING KICKSTART FILES
7.7.1. Installing Kickstart maintenance tools
7.7.2. Verifying a Kickstart file
7.8. REGISTERING AND INSTALLING RHEL FROM THE CDN USING KICKSTART
7.8.1. Registering and installing RHEL from the CDN
7.8.2. Verifying your system registration from the CDN
7.8.3. Unregistering your system from the CDN
7.9. PERFORMING A REMOTE RHEL INSTALLATION USING VNC
7.9.1. Overview
7.9.2. Considerations
7.9.3. Performing a remote RHEL installation in VNC Direct mode
7.9.4. Performing a remote RHEL installation in VNC Connect mode
CHAPTER 8. ADVANCED CONFIGURATION OPTIONS
8.1. CONFIGURING SYSTEM PURPOSE
8.1.1. Overview
8.1.2. Configuring System Purpose in a Kickstart file
8.1.3. Related information
8.2. UPDATING DRIVERS DURING INSTALLATION
8.2.1. Prerequisite
8.2.2. Overview
8.2.3. Types of driver update
8.2.4. Preparing a driver update
8.2.5. Performing an automatic driver update
8.2.6. Performing an assisted driver update
8.2.7. Performing a manual driver update
8.2.8. Disabling a driver
8.3. PREPARING TO INSTALL FROM THE NETWORK USING PXE
8.3.1. Network install overview
8.3.2. Configuring a TFTP server for BIOS-based clients
8.3.3. Configuring a TFTP server for UEFI-based clients
8.3.4. Configuring a network server for IBM Power systems
8.4. BOOT OPTIONS
8.4.1. Types of boot options
8.4.2. Editing boot options
Editing the boot: prompt in BIOS
Editing the > prompt
Editing the GRUB2 menu
8.4.3. Installation source boot options
8.4.4. Network boot options
8.4.5. Console boot options
8.4.6. Debug boot options
8.4.7. Storage boot options
8.4.8. Kickstart boot options
8.4.9. Advanced installation boot options
8.4.10. Deprecated boot options
8.4.11. Removed boot options
CHAPTER 9. KICKSTART REFERENCES
APPENDIX G. KICKSTART SCRIPT FILE FORMAT REFERENCE
G.1. KICKSTART FILE FORMAT
G.2. PACKAGE SELECTION IN KICKSTART
G.2.1. Package selection section
G.2.2. Package selection commands
G.2.3. Common package selection options
G.2.4. Options for specific package groups
G.3. SCRIPTS IN KICKSTART FILE
G.3.1. %pre script
G.3.1.1. %pre script section options
G.3.2. %pre-install script
G.3.2.1. %pre-install script section options
G.3.3. %post script
G.3.3.1. %post script section options
G.3.3.2. Example: Mounting NFS in a post-install script
G.3.3.3. Example: Running subscription-manager as a post-install script
G.4. ANACONDA CONFIGURATION SECTION
G.5. KICKSTART ERROR HANDLING SECTION
G.6. KICKSTART ADD-ON SECTIONS
H.1. KICKSTART CHANGES
H.1.1. auth or authconfig is deprecated in RHEL 8
H.1.2. Kickstart no longer supports Btrfs
H.1.3. Using Kickstart files from previous RHEL releases
H.1.4. Deprecated Kickstart commands and options
H.1.5. Removed Kickstart commands and options
H.1.6. New Kickstart commands and options
H.2. KICKSTART COMMANDS FOR INSTALLATION PROGRAM CONFIGURATION AND FLOW CONTROL
H.2.1. autostep
H.2.2. cdrom
H.2.3. cmdline
H.2.4. driverdisk
H.2.5. eula
H.2.6. firstboot
H.2.7. graphical
H.2.8. halt
H.2.9. harddrive
H.2.10. install (deprecated)
H.2.11. liveimg
H.2.12. logging
H.2.13. mediacheck
H.2.14. nfs
H.2.15. ostreesetup
H.2.16. poweroff
H.2.17. reboot
H.2.18. rhsm
H.2.19. shutdown
H.2.20. sshpw
H.2.21. text
H.2.22. url
H.2.23. vnc
H.2.24. %include
H.2.25. %ksappend
H.3. KICKSTART COMMANDS FOR SYSTEM CONFIGURATION
H.3.1. auth or authconfig (deprecated)
H.3.2. authselect
H.3.3. firewall
H.3.4. group
H.3.5. keyboard (required)
H.3.6. lang (required)
H.3.7. module
H.3.8. repo
H.3.9. rootpw (required)
H.3.10. selinux
H.3.11. services
H.3.12. skipx
H.3.13. sshkey
H.3.14. syspurpose
H.3.15. timezone (required)
H.3.16. user
H.3.17. xconfig
H.4. KICKSTART COMMANDS FOR NETWORK CONFIGURATION
H.4.1. network
H.4.2. realm
H.5. KICKSTART COMMANDS FOR HANDLING STORAGE
H.5.1. device (deprecated)
H.5.2. autopart
H.5.3. bootloader (required)
H.5.4. zipl
H.5.5. clearpart
H.5.6. fcoe
H.5.7. ignoredisk
H.5.8. iscsi
H.5.9. iscsiname
H.5.10. logvol
H.5.11. mount
H.5.12. nvdimm
H.5.13. part or partition
H.5.14. raid
H.5.15. reqpart
H.5.16. snapshot
H.5.17. volgroup
H.5.18. zerombr
H.5.19. zfcp
H.6. KICKSTART COMMANDS FOR ADDONS SUPPLIED WITH THE RHEL INSTALLATION PROGRAM
H.6.1. %addon com_redhat_kdump
H.6.2. %addon org_fedora_oscap
H.7. COMMANDS USED IN ANACONDA
H.7.1. pwpolicy
H.8. KICKSTART COMMANDS FOR SYSTEM RECOVERY
H.8.1. rescue
PART II. DESIGN OF SECURITY
CHAPTER 10. OVERVIEW OF SECURITY HARDENING IN RHEL
10.1. WHAT IS COMPUTER SECURITY?
10.2. STANDARDIZING SECURITY
10.3. CRYPTOGRAPHIC SOFTWARE AND CERTIFICATIONS
10.4. SECURITY CONTROLS
10.4.1. Physical controls
10.4.2. Technical controls
10.4.3. Administrative controls
10.5. VULNERABILITY ASSESSMENT
10.5.1. Defining assessment and testing
10.5.2. Establishing a methodology for vulnerability assessment
10.5.3. Vulnerability assessment tools
10.6. SECURITY THREATS
10.6.1. Threats to network security
10.6.2. Threats to server security
10.6.3. Threats to workstation and home PC security
10.7. COMMON EXPLOITS AND ATTACKS
CHAPTER 11. SECURING RHEL DURING INSTALLATION
11.1. BIOS AND UEFI SECURITY
11.1.1. BIOS passwords
11.1.1.1. Non-BIOS-based systems security
11.2. DISK PARTITIONING
11.3. RESTRICTING NETWORK CONNECTIVITY DURING THE INSTALLATION PROCESS
11.4. INSTALLING THE MINIMUM AMOUNT OF PACKAGES REQUIRED
11.5. POST-INSTALLATION PROCEDURES
11.6. INSTALLING A RHEL 8 SYSTEM WITH FIPS MODE ENABLED
11.6.1. Federal Information Processing Standard (FIPS)
11.6.2. Installing the system with FIPS mode enabled
11.6.3. Additional resources
CHAPTER 12. USING SYSTEM-WIDE CRYPTOGRAPHIC POLICIES
12.1. SYSTEM-WIDE CRYPTOGRAPHIC POLICIES
Tool for managing crypto policies
Strong crypto defaults by removing insecure cipher suites and protocols
Cipher suites and protocols disabled in all policy levels
Cipher suites and protocols enabled in the crypto-policies levels
12.2. SWITCHING THE SYSTEM-WIDE CRYPTOGRAPHIC POLICY TO MODE COMPATIBLE WITH EARLIER
RELEASES
12.3. SWITCHING THE SYSTEM TO FIPS MODE
12.4. ENABLING FIPS MODE IN A CONTAINER
12.5. LIST OF RHEL APPLICATIONS USING CRYPTOGRAPHY THAT IS NOT COMPLIANT WITH FIPS 140-2
12.6. EXCLUDING AN APPLICATION FROM FOLLOWING SYSTEM-WIDE CRYPTO POLICIES
12.6.1. Examples of opting out of system-wide crypto policies
12.7. CUSTOMIZING SYSTEM-WIDE CRYPTOGRAPHIC POLICIES WITH POLICY MODIFIERS
12.8. DISABLING SHA-1 BY CUSTOMIZING A SYSTEM-WIDE CRYPTOGRAPHIC POLICY
12.9. CREATING AND SETTING A CUSTOM SYSTEM-WIDE CRYPTOGRAPHIC POLICY
12.10. RELATED INFORMATION
CHAPTER 13. CONFIGURING APPLICATIONS TO USE CRYPTOGRAPHIC HARDWARE THROUGH PKCS #11
13.1. CRYPTOGRAPHIC HARDWARE SUPPORT THROUGH PKCS #11
13.2. USING SSH KEYS STORED ON A SMART CARD
13.3. USING HSMS PROTECTING PRIVATE KEYS IN APACHE AND NGINX
13.4. CONFIGURING APPLICATIONS TO AUTHENTICATE USING CERTIFICATES FROM SMART CARDS
13.5. RELATED INFORMATION
CHAPTER 14. USING SHARED SYSTEM CERTIFICATES
14.1. THE SYSTEM-WIDE TRUST STORE
14.2. ADDING NEW CERTIFICATES
14.3. MANAGING TRUSTED SYSTEM CERTIFICATES
14.4. ADDITIONAL RESOURCES
CHAPTER 15. SCANNING THE SYSTEM FOR SECURITY COMPLIANCE AND VULNERABILITIES
15.1. CONFIGURATION COMPLIANCE TOOLS IN RHEL
15.2. RED HAT SECURITY ADVISORIES OVAL FEED
15.3. VULNERABILITY SCANNING
15.3.1. Red Hat Security Advisories OVAL feed
15.3.2. Scanning the system for vulnerabilities
15.3.3. Scanning remote systems for vulnerabilities
15.4. CONFIGURATION COMPLIANCE SCANNING
15.4.1. Configuration compliance in RHEL 8
15.4.2. Possible results of an OpenSCAP scan
15.4.3. Viewing profiles for configuration compliance
15.4.4. Assessing configuration compliance with a specific baseline
15.5. REMEDIATING THE SYSTEM TO ALIGN WITH A SPECIFIC BASELINE
15.6. REMEDIATING THE SYSTEM TO ALIGN WITH A SPECIFIC BASELINE USING THE SSG ANSIBLE
PLAYBOOK
15.7. CREATING A REMEDIATION ANSIBLE PLAYBOOK TO ALIGN THE SYSTEM WITH A SPECIFIC BASELINE
15.8. CREATING A REMEDIATION BASH SCRIPT FOR A LATER APPLICATION
15.9. SCANNING THE SYSTEM WITH A CUSTOMIZED PROFILE USING SCAP WORKBENCH
15.9.1. Using SCAP Workbench to scan and remediate the system
15.9.2. Customizing a security profile with SCAP Workbench
15.9.3. Related information
15.10. SCANNING CONTAINER AND CONTAINER IMAGES FOR VULNERABILITIES
15.11. ASSESSING SECURITY COMPLIANCE OF A CONTAINER OR A CONTAINER IMAGE WITH A SPECIFIC
BASELINE
15.12. SUPPORTED VERSIONS OF THE SCAP SECURITY GUIDE IN RHEL
15.13. CHECKING INTEGRITY WITH AIDE
15.13.1. Installing AIDE
15.13.2. Performing integrity checks with AIDE
15.13.3. Updating an AIDE database
15.13.4. Related information
15.14. ENCRYPTING BLOCK DEVICES USING LUKS
15.14.1. LUKS disk encryption
15.14.2. LUKS versions in RHEL 8
15.14.3. Options for data protection during LUKS2 re-encryption
15.14.4. Encrypting existing data on a block device using LUKS2
15.14.5. Encrypting existing data on a block device using LUKS2 with a detached header
15.14.6. Encrypting a blank block device using LUKS2
15.14.7. Creating a LUKS encrypted volume using the storage role
15.15. CONFIGURING AUTOMATED UNLOCKING OF ENCRYPTED VOLUMES USING POLICY-BASED
DECRYPTION
15.15.1. Network-bound disk encryption
15.15.2. Installing an encryption client – Clevis
15.15.3. Deploying a Tang server with SELinux in enforcing mode
15.15.4. Rotating Tang server keys and updating bindings on clients
15.15.5. Configuring automated unlocking using a Tang key in the web console
15.15.6. Deploying an encryption client for an NBDE system with Tang
15.15.7. Removing a Clevis pin from a LUKS-encrypted volume manually
15.15.8. Deploying an encryption client with a TPM 2.0 policy
15.15.9. Configuring manual enrollment of LUKS-encrypted volumes
15.15.10. Configuring automated enrollment of LUKS-encrypted volumes using Kickstart
15.15.11. Configuring automated unlocking of a LUKS-encrypted removable storage device
15.15.12. Deploying high-availability NBDE systems
15.15.12.1. High-available NBDE using Shamir’s Secret Sharing
15.15.12.1.1. Example 1: Redundancy with two Tang servers
15.15.12.1.2. Example 2: Shared secret on a Tang server and a TPM device
15.15.13. Deployment of virtual machines in a NBDE network
15.15.14. Building automatically-enrollable VM images for cloud environments using NBDE
15.15.15. Introduction to the Clevis and Tang system roles
15.15.16. Using the nbde_server system role for setting up multiple Tang servers
15.15.17. Using the nbde_client system role for setting up multiple Clevis clients
15.15.18. Additional resources
CHAPTER 16. USING SELINUX
16.1. GETTING STARTED WITH SELINUX
16.1.1. Introduction to SELinux
16.1.2. Benefits of running SELinux
16.1.3. SELinux examples
16.1.4. SELinux architecture and packages
16.1.5. SELinux states and modes
16.2. CHANGING SELINUX STATES AND MODES
16.2.1. Permanent changes in SELinux states and modes
16.2.2. Changing to permissive mode
16.2.3. Changing to enforcing mode
16.2.4. Enabling SELinux on systems that previously had it disabled
16.2.5. Disabling SELinux
16.2.6. Changing SELinux modes at boot time
16.3. TROUBLESHOOTING PROBLEMS RELATED TO SELINUX
16.3.1. Identifying SELinux denials
16.3.2. Analyzing SELinux denial messages
16.3.3. Fixing analyzed SELinux denials
16.3.4. SELinux denials in the Audit log
16.3.5. Related information
PART III. DESIGN OF NETWORK
CHAPTER 17. GENERAL RHEL NETWORKING TOPICS
17.1. THE DIFFERENCE BETWEEN IP AND NON-IP NETWORKS
17.2. THE DIFFERENCE BETWEEN STATIC AND DYNAMIC IP ADDRESSING
17.3. DHCP TRANSACTION PHASES
Discovery
Offer
Request
Acknowledgment
17.4. INFINIBAND AND RDMA NETWORKS
17.5. LEGACY NETWORK SCRIPTS SUPPORT IN RHEL
17.6. SELECTING NETWORK CONFIGURATION METHODS
CHAPTER 18. USING NETCONSOLE TO LOG KERNEL MESSAGES OVER A NETWORK
18.1. CONFIGURING THE NETCONSOLE SERVICE TO LOG KERNEL MESSAGES TO A REMOTE HOST
CHAPTER 19. GETTING STARTED WITH NETWORKMANAGER
19.1. BENEFITS OF USING NETWORKMANAGER
19.2. AN OVERVIEW OF UTILITIES AND APPLICATIONS YOU CAN USE TO MANAGE NETWORKMANAGER
CONNECTIONS
19.3. USING NETWORKMANAGER DISPATCHER SCRIPTS
19.4. LOADING MANUALLY-CREATED IFCFG FILES INTO NETWORKMANAGER
CHAPTER 20. GETTING STARTED WITH NMTUI
20.1. STARTING THE NMTUI UTILITY
20.2. ADDING A CONNECTION PROFILE USING NMTUI
20.3. APPLYING CHANGES TO A MODIFIED CONNECTION USING NMTUI
CHAPTER 21. GETTING STARTED WITH NMCLI
21.1. THE DIFFERENT OUTPUT FORMATS OF NMCLI
21.2. USING TAB COMPLETION IN NMCLI
21.3. FREQUENT NMCLI COMMANDS
CHAPTER 22. GETTING STARTED WITH CONFIGURING NETWORKING USING THE GNOME GUI
22.1. CONNECTING TO A NETWORK USING THE GNOME SHELL NETWORK CONNECTION ICON
CHAPTER 23. CONFIGURING IP NETWORKING WITH IFCFG FILES
23.1. CONFIGURING AN INTERFACE WITH STATIC NETWORK SETTINGS USING IFCFG FILES
23.2. CONFIGURING AN INTERFACE WITH DYNAMIC NETWORK SETTINGS USING IFCFG FILES
23.3. MANAGING SYSTEM-WIDE AND PRIVATE CONNECTION PROFILES WITH IFCFG FILES
CHAPTER 24. GETTING STARTED WITH IPVLAN
24.1. IPVLAN OVERVIEW
24.2. IPVLAN MODES
24.3. OVERVIEW OF MACVLAN
24.4. COMPARISON OF IPVLAN AND MACVLAN
24.5. CREATING AND CONFIGURING THE IPVLAN DEVICE USING IPROUTE2
CHAPTER 25. CONFIGURING VIRTUAL ROUTING AND FORWARDING (VRF)
25.1. PERMANENTLY REUSING THE SAME IP ADDRESS ON DIFFERENT INTERFACES
25.2. TEMPORARILY REUSING THE SAME IP ADDRESS ON DIFFERENT INTERFACES
25.3. RELATED INFORMATION
CHAPTER 26. SECURING NETWORKS
26.1. USING SECURE COMMUNICATIONS BETWEEN TWO SYSTEMS WITH OPENSSH
26.1.1. SSH and OpenSSH
26.1.2. Configuring and starting an OpenSSH server
26.1.3. Using key pairs instead of passwords for SSH authentication
26.1.3.1. Setting an OpenSSH server for key-based authentication
26.1.3.2. Generating SSH key pairs
26.1.4. Using SSH keys stored on a smart card
26.1.5. Making OpenSSH more secure
26.1.6. Connecting to a remote server using an SSH jump host
26.1.7. Connecting to remote machines with SSH keys using ssh-agent
26.1.8. Additional resources
26.2. PLANNING AND IMPLEMENTING TLS
26.2.1. SSL and TLS protocols
26.2.2. Security considerations for TLS in RHEL 8
26.2.2.1. Protocols
26.2.2.2. Cipher suites
26.2.2.3. Public key length
26.2.3. Hardening TLS configuration in applications
26.2.3.1. Configuring the Apache HTTP server
26.2.3.2. Configuring the Nginx HTTP and proxy server
26.2.3.3. Configuring the Dovecot mail server
26.3. CONFIGURING A VPN WITH IPSEC
26.3.1. Libreswan as an IPsec VPN implementation
26.3.2. Installing Libreswan
26.3.3. Creating a host-to-host VPN
26.3.4. Configuring a site-to-site VPN
26.3.5. Configuring a remote access VPN
26.3.6. Configuring a mesh VPN
26.3.7. Methods of authentication used in Libreswan
26.3.8. Deploying a FIPS-compliant IPsec VPN
26.3.9. Protecting the IPsec NSS database by a password
26.3.10. Configuring IPsec connections that opt out of the system-wide crypto policies
26.3.11. Troubleshooting IPsec VPN configurations
26.3.12. Related information
1226.4. CONFIGURING MACSEC
26.4.1. Introduction to MACsec
26.4.2. Using MACsec with nmcli tool
26.4.3. Using MACsec with wpa_supplicant
26.4.4. Related information
26.5. USING AND CONFIGURING FIREWALLD
26.5.1. When to use firewalld, nftables, or iptables
26.5.2. Getting started with firewalld
26.5.2.1. firewalld
26.5.2.2. Zones
26.5.2.3. Predefined services
26.5.3. Installing the firewall-config GUI configuration tool
26.5.4. Viewing the current status and settings of firewalld
26.5.4.1. Viewing the current status of firewalld
26.5.4.2. Viewing current firewalld settings
26.5.4.2.1. Viewing allowed services using GUI
26.5.4.2.2. Viewing firewalld settings using CLI
26.5.5. Starting firewalld
26.5.6. Stopping firewalld
26.5.7. Runtime and permanent settings
26.5.8. Verifying the permanent firewalld configuration
26.5.9. Controlling network traffic using firewalld
26.5.9.1. Disabling all traffic in case of emergency using CLI
26.5.9.2. Controlling traffic with predefined services using CLI
26.5.9.3. Controlling traffic with predefined services using GUI
26.5.9.4. Adding new services
26.5.9.5. Controlling ports using CLI
26.5.9.5.1. Opening a port
26.5.9.5.2. Closing a port
26.5.9.6. Opening ports using GUI
26.5.9.7. Controlling traffic with protocols using GUI
26.5.9.8. Opening source ports using GUI
26.5.10. Working with firewalld zones
26.5.10.1. Listing zones
26.5.10.2. Modifying firewalld settings for a certain zone
26.5.10.3. Changing the default zone
26.5.10.4. Assigning a network interface to a zone
26.5.10.5. Assigning a zone to a connection using nmcli
26.5.10.6. Manually assigning a zone to a network connection in an ifcfg file
26.5.10.7. Creating a new zone
26.5.10.8. Zone configuration files
26.5.10.9. Using zone targets to set default behavior for incoming traffic
26.5.11. Using zones to manage incoming traffic depending on a source
26.5.11.1. Using zones to manage incoming traffic depending on a source
26.5.11.2. Adding a source
26.5.11.3. Removing a source
26.5.11.4. Adding a source port
26.5.11.5. Removing a source port
26.5.11.6. Using zones and sources to allow a service for only a specific domain
26.5.11.7. Configuring traffic accepted by a zone based on a protocol
26.5.11.7.1. Adding a protocol to a zone
26.5.11.7.2. Removing a protocol from a zone
26.5.12. Configuring IP address masquerading
1326.5.13. Port forwarding
26.5.13.1. Adding a port to redirect
26.5.13.2. Redirecting TCP port 80 to port 88 on the same machine
26.5.13.3. Removing a redirected port
26.5.13.4. Removing TCP port 80 forwarded to port 88 on the same machine
26.5.14. Managing ICMP requests
26.5.14.1. Listing and blocking ICMP requests
26.5.14.2. Configuring the ICMP filter using GUI
26.5.15. Setting and controlling IP sets using firewalld
26.5.15.1. Configuring IP set options using CLI
26.5.16. Prioritizing rich rules
26.5.16.1. How the priority parameter organizes rules into different chains
26.5.16.2. Setting the priority of a rich rule
26.5.17. Configuring firewall lockdown
26.5.17.1. Configuring lockdown using CLI
26.5.17.2. Configuring lockdown allowlist options using CLI
26.5.17.3. Configuring lockdown allowlist options using configuration files
26.5.18. Log for denied packets
26.5.19. Related information
Installed documentation
Online documentation
26.6. GETTING STARTED WITH NFTABLES
26.6.1. Migrating from iptables to nftables
26.6.1.1. When to use firewalld, nftables, or iptables
26.6.1.2. Converting iptables rules to nftables rules
26.6.2. Writing and executing nftables scripts
26.6.2.1. The required script header in nftables script
26.6.2.2. Supported nftables script formats
26.6.2.3. Running nftables scripts
26.6.2.4. Using comments in nftables scripts
26.6.2.5. Using variables in an nftables script
Variables with a single value
Variables that contain an anonymous set
26.6.2.6. Including files in an nftables script
26.6.2.7. Automatically loading nftables rules when the system boots
26.6.3. Creating and managing nftables tables, chains, and rules
26.6.3.1. Standard chain priority values and textual names
26.6.3.2. Displaying nftables rule sets
26.6.3.3. Creating an nftables table
26.6.3.4. Creating an nftables chain
26.6.3.5. Adding a rule to an nftables chain
26.6.3.6. Inserting a rule into an nftables chain
26.6.4. Configuring NAT using nftables
26.6.4.1. The different NAT types: masquerading, source NAT, and destination NAT
26.6.4.2. Configuring masquerading using nftables
26.6.4.3. Configuring source NAT using nftables
26.6.4.4. Configuring destination NAT using nftables
26.6.5. Using sets in nftables commands
26.6.5.1. Using anonymous sets in nftables
26.6.5.2. Using named sets in nftables
26.6.5.3. Related information
26.6.6. Using verdict maps in nftables commands
26.6.6.1. Using literal maps in nftables
26.6.6.2. Using mutable verdict maps in nftables
26.6.6.3. Related information
26.6.7. Configuring port forwarding using nftables
26.6.7.1. Forwarding incoming packets to a different local port
26.6.7.2. Forwarding incoming packets on a specific local port to a different host
26.6.8. Using nftables to limit the amount of connections
26.6.8.1. Limiting the number of connections using nftables
26.6.8.2. Blocking IP addresses that attempt more than ten new incoming TCP connections within one minute
26.6.9. Debugging nftables rules
26.6.9.1. Creating a rule with a counter
26.6.9.2. Adding a counter to an existing rule
26.6.9.3. Monitoring packets that match an existing rule
26.6.10. Backing up and restoring nftables rule sets
26.6.10.1. Backing up nftables rule sets to a file
26.6.10.2. Restoring nftables rule sets from a file
26.6.11. Related information
PART IV. DESIGN OF HARD DISK
CHAPTER 27. OVERVIEW OF AVAILABLE FILE SYSTEMS
27.1. TYPES OF FILE SYSTEMS
27.2. LOCAL FILE SYSTEMS
Available local file systems
27.3. THE XFS FILE SYSTEM
Performance characteristics
27.4. THE EXT4 FILE SYSTEM
27.5. COMPARISON OF XFS AND EXT4
27.6. CHOOSING A LOCAL FILE SYSTEM
27.7. NETWORK FILE SYSTEMS
Available network file systems
27.8. SHARED STORAGE FILE SYSTEMS
Comparison with network file systems
Concurrency
Performance characteristics
Available shared storage file systems
27.9. CHOOSING BETWEEN NETWORK AND SHARED STORAGE FILE SYSTEMS
27.10. VOLUME-MANAGING FILE SYSTEMS
Available volume-managing file systems
CHAPTER 28. MOUNTING NFS SHARES
28.1. INTRODUCTION TO NFS
28.2. SUPPORTED NFS VERSIONS
Default NFS version
Features of minor NFS versions
28.3. SERVICES REQUIRED BY NFS
The RPC services with NFSv4
28.4. NFS HOST NAME FORMATS
28.5. INSTALLING NFS
28.6. DISCOVERING NFS EXPORTS
28.7. MOUNTING AN NFS SHARE WITH MOUNT
28.8. COMMON NFS MOUNT OPTIONS
28.9. RELATED INFORMATION
CHAPTER 29. EXPORTING NFS SHARES
29.1. INTRODUCTION TO NFS
29.2. SUPPORTED NFS VERSIONS
Default NFS version
Features of minor NFS versions
29.3. THE TCP AND UDP PROTOCOLS IN NFSV3 AND NFSV4
29.4. SERVICES REQUIRED BY NFS
The RPC services with NFSv4
29.5. NFS HOST NAME FORMATS
29.6. NFS SERVER CONFIGURATION
29.6.1. The /etc/exports configuration file
Export entry
Default options
Default and overridden options
29.6.2. The exportfs utility
Common exportfs options
29.7. NFS AND RPCBIND
29.8. INSTALLING NFS
29.9. STARTING THE NFS SERVER
29.10. TROUBLESHOOTING NFS AND RPCBIND
29.11. CONFIGURING THE NFS SERVER TO RUN BEHIND A FIREWALL
29.12. EXPORTING RPC QUOTA THROUGH A FIREWALL
29.13. ENABLING NFS OVER RDMA (NFSORDMA)
29.14. CONFIGURING AN NFSV4-ONLY SERVER
29.14.1. Benefits and drawbacks of an NFSv4-only server
29.14.2. NFS and rpcbind
29.14.3. Configuring the NFS server to support only NFSv4
29.14.4. Verifying the NFSv4-only configuration
29.15. RELATED INFORMATION
CHAPTER 30. MOUNTING AN SMB SHARE ON RED HAT ENTERPRISE LINUX
30.1. SUPPORTED SMB PROTOCOL VERSIONS
30.2. UNIX EXTENSIONS SUPPORT
30.3. MANUALLY MOUNTING AN SMB SHARE
30.4. MOUNTING AN SMB SHARE AUTOMATICALLY WHEN THE SYSTEM BOOTS
30.5. AUTHENTICATING TO AN SMB SHARE USING A CREDENTIALS FILE
30.6. PERFORMING A MULTI-USER SMB MOUNT
30.6.1. Mounting a share with the multiuser option
30.6.2. Verifying if an SMB share is mounted with the multiuser option
30.6.3. Accessing a share as a user
30.7. FREQUENTLY USED MOUNT OPTIONS
CHAPTER 31. OVERVIEW OF PERSISTENT NAMING ATTRIBUTES
31.1. DISADVANTAGES OF NON-PERSISTENT NAMING ATTRIBUTES
31.2. FILE SYSTEM AND DEVICE IDENTIFIERS
File system identifiers
Device identifiers
Recommendations
31.3. DEVICE NAMES MANAGED BY THE UDEV MECHANISM IN /DEV/DISK/
31.3.1. File system identifiers
The UUID attribute in /dev/disk/by-uuid/
The Label attribute in /dev/disk/by-label/
31.3.2. Device identifiers
The WWID attribute in /dev/disk/by-id/
The Partition UUID attribute in /dev/disk/by-partuuid
The Path attribute in /dev/disk/by-path/
31.4. THE WORLD WIDE IDENTIFIER WITH DM MULTIPATH
31.5. LIMITATIONS OF THE UDEV DEVICE NAMING CONVENTION
31.6. LISTING PERSISTENT NAMING ATTRIBUTES
31.7. MODIFYING PERSISTENT NAMING ATTRIBUTES
CHAPTER 32. GETTING STARTED WITH PARTITIONS
32.1. VIEWING THE PARTITION TABLE
32.1.1. Viewing the partition table with parted
32.1.2. Example output of parted print
32.2. CREATING A PARTITION TABLE ON A DISK
32.2.1. Considerations before modifying partitions on a disk
The maximum number of partitions
The maximum size of a partition
Size alignment
32.2.2. Comparison of partition table types
32.2.3. MBR disk partitions
32.2.4. Extended MBR partitions
32.2.5. MBR partition types
32.2.6. GUID Partition Table
32.2.7. Creating a partition table on a disk with parted
32.3. CREATING A PARTITION
32.3.1. Considerations before modifying partitions on a disk
The maximum number of partitions
The maximum size of a partition
Size alignment
32.3.2. Partition types
Partition types or flags
Partition file system type
32.3.3. Partition naming scheme
32.3.4. Mount points and disk partitions
32.3.5. Creating a partition with parted
32.3.6. Setting a partition type with fdisk
32.4. REMOVING A PARTITION
32.4.1. Considerations before modifying partitions on a disk
The maximum number of partitions
The maximum size of a partition
Size alignment
32.4.2. Removing a partition with parted
32.5. RESIZING A PARTITION
32.5.1. Considerations before modifying partitions on a disk
The maximum number of partitions
The maximum size of a partition
Size alignment
32.5.2. Resizing a partition with parted
32.6. STRATEGIES FOR REPARTITIONING A DISK
32.6.1. Using unpartitioned free space
32.6.2. Using space from an unused partition
32.6.3. Using free space from an active partition
32.6.3.1. Destructive repartitioning
32.6.3.2. Non-destructive repartitioning
32.6.3.2.1. Compressing existing data
32.6.3.2.2. Resizing the existing partition
32.6.3.2.3. Creating new partitions
CHAPTER 33. GETTING STARTED WITH XFS
33.1. THE XFS FILE SYSTEM
Performance characteristics
33.2. CREATING AN XFS FILE SYSTEM
33.2.1. Creating an XFS file system with mkfs.xfs
33.2.2. Creating an XFS file system on a block device using RHEL System Roles
33.2.2.1. Example Ansible playbook to create an XFS file system on a block device
33.3. BACKING UP AN XFS FILE SYSTEM
33.3.1. Features of XFS backup
33.3.2. Backing up an XFS file system with xfsdump
33.3.3. Additional resources
33.4. RESTORING AN XFS FILE SYSTEM FROM BACKUP
33.4.1. Features of restoring XFS from backup
33.4.2. Restoring an XFS file system from backup with xfsrestore
33.4.3. Informational messages when restoring an XFS backup from a tape
33.4.4. Additional resources
33.5. INCREASING THE SIZE OF AN XFS FILE SYSTEM
33.5.1. Increasing the size of an XFS file system with xfs_growfs
33.6. COMPARISON OF TOOLS USED WITH EXT4 AND XFS
CHAPTER 34. MOUNTING FILE SYSTEMS
34.1. THE LINUX MOUNT MECHANISM
34.2. LISTING CURRENTLY MOUNTED FILE SYSTEMS
34.3. MOUNTING A FILE SYSTEM WITH MOUNT
34.4. MOVING A MOUNT POINT
34.5. UNMOUNTING A FILE SYSTEM WITH UMOUNT
34.6. COMMON MOUNT OPTIONS
34.7. SHARING A MOUNT ON MULTIPLE MOUNT POINTS
34.7.1. Types of shared mounts
34.7.2. Creating a private mount point duplicate
34.7.3. Creating a shared mount point duplicate
34.7.4. Creating a slave mount point duplicate
34.7.5. Preventing a mount point from being duplicated
34.7.6. Related information
34.8. PERSISTENTLY MOUNTING FILE SYSTEMS
34.8.1. The /etc/fstab file
34.8.2. Adding a file system to /etc/fstab
34.8.3. Persistently mounting a file system using RHEL System Roles
34.8.3.1. Example Ansible playbook to persistently mount a file system
34.9. MOUNTING FILE SYSTEMS ON DEMAND
34.9.1. The autofs service
34.9.2. The autofs configuration files
The master map file
Map files
The amd map format
34.9.3. Configuring autofs mount points
34.9.4. Automounting NFS server user home directories with autofs service
34.9.5. Overriding or augmenting autofs site configuration files
34.9.6. Using LDAP to store automounter maps
34.10. SETTING READ-ONLY PERMISSIONS FOR THE ROOT FILE SYSTEM
34.10.1. Files and directories that always retain write permissions
34.10.2. Configuring the root file system to mount with read-only permissions on boot
CHAPTER 35. MANAGING STORAGE DEVICES
35.1. MANAGING LAYERED LOCAL STORAGE WITH STRATIS
35.1.1. Setting up Stratis file systems
35.1.1.1. The purpose and features of Stratis
35.1.1.2. Components of a Stratis volume
35.1.1.3. Block devices usable with Stratis
Supported devices
Unsupported devices
35.1.1.4. Installing Stratis
35.1.1.5. Creating a Stratis pool
35.1.1.6. Creating a Stratis file system
35.1.1.7. Mounting a Stratis file system
35.1.1.8. Persistently mounting a Stratis file system
35.1.1.9. Related information
35.1.2. Extending a Stratis volume with additional block devices
35.1.2.1. Components of a Stratis volume
35.1.2.2. Adding block devices to a Stratis pool
35.1.2.3. Related information
35.1.3. Monitoring Stratis file systems
35.1.3.1. Stratis sizes reported by different utilities
35.1.3.2. Displaying information about Stratis volumes
35.1.3.3. Related information
35.1.4. Using snapshots on Stratis file systems
35.1.4.1. Characteristics of Stratis snapshots
35.1.4.2. Creating a Stratis snapshot
35.1.4.3. Accessing the content of a Stratis snapshot
35.1.4.4. Reverting a Stratis file system to a previous snapshot
35.1.4.5. Removing a Stratis snapshot
35.1.4.6. Related information
35.1.5. Removing Stratis file systems
35.1.5.1. Components of a Stratis volume
35.1.5.2. Removing a Stratis file system
35.1.5.3. Removing a Stratis pool
35.1.5.4. Related information
35.2. GETTING STARTED WITH SWAP
35.2.1. Swap space
35.2.2. Recommended system swap space
35.2.3. Adding swap space
35.2.3.1. Extending swap on an LVM2 logical volume
35.2.3.2. Creating an LVM2 logical volume for swap
35.2.3.3. Creating a swap file
35.2.4. Removing swap space
35.2.4.1. Reducing swap on an LVM2 logical volume
35.2.4.2. Removing an LVM2 logical volume for swap
35.2.4.3. Removing a swap file
CHAPTER 36. DEDUPLICATING AND COMPRESSING STORAGE
36.1. DEPLOYING VDO
36.1.1. Introduction to VDO
1936.1.2. VDO deployment scenarios
KVM
File systems
Placement of VDO on iSCSI
LVM
Encryption
36.1.3. Components of a VDO volume
36.1.4. The physical and logical size of a VDO volume
36.1.5. Slab size in VDO
36.1.6. VDO requirements
36.1.6.1. VDO memory requirements
36.1.6.2. VDO storage space requirements
36.1.6.3. Placement of VDO in the storage stack
36.1.6.4. Examples of VDO requirements by physical size
36.1.7. Installing VDO
36.1.8. Creating a VDO volume
36.1.9. Mounting a VDO volume
36.1.10. Enabling periodic block discard
36.1.11. Monitoring VDO
36.2. MAINTAINING VDO
36.2.1. Managing free space on VDO volumes
36.2.1.1. The physical and logical size of a VDO volume
36.2.1.2. Thin provisioning in VDO
36.2.1.3. Monitoring VDO
36.2.1.4. Reclaiming space for VDO on file systems
36.2.1.5. Reclaiming space for VDO without a file system
36.2.1.6. Reclaiming space for VDO on Fibre Channel or Ethernet network
36.2.2. Starting or stopping VDO volumes
36.2.2.1. Started and activated VDO volumes
36.2.2.2. Starting a VDO volume
36.2.2.3. Stopping a VDO volume
36.2.2.4. Related information
36.2.3. Automatically starting VDO volumes at system boot
36.2.3.1. Started and activated VDO volumes
36.2.3.2. Activating a VDO volume
36.2.3.3. Deactivating a VDO volume
36.2.4. Selecting a VDO write mode
36.2.4.1. VDO write modes
36.2.4.2. The internal processing of VDO write modes
36.2.4.3. Checking the write mode on a VDO volume
36.2.4.4. Checking for a volatile cache
36.2.4.5. Setting a VDO write mode
36.2.5. Recovering a VDO volume after an unclean shutdown
36.2.5.1. VDO write modes
36.2.5.2. VDO volume recovery
Automatic and manual recovery
36.2.5.3. VDO operating modes
36.2.5.4. Recovering a VDO volume online
36.2.5.5. Forcing an offline rebuild of a VDO volume metadata
36.2.5.6. Removing an unsuccessfully created VDO volume
36.2.6. Optimizing the UDS index
36.2.6.1. Components of a VDO volume
36.2.6.2. The UDS index
36.2.6.3. Recommended UDS index configuration
36.2.7. Enabling or disabling deduplication in VDO
36.2.7.1. Deduplication in VDO
36.2.7.2. Enabling deduplication on a VDO volume
36.2.7.3. Disabling deduplication on a VDO volume
36.2.8. Enabling or disabling compression in VDO
36.2.8.1. Compression in VDO
36.2.8.2. Enabling compression on a VDO volume
36.2.8.3. Disabling compression on a VDO volume
36.2.9. Increasing the size of a VDO volume
36.2.9.1. The physical and logical size of a VDO volume
36.2.9.2. Thin provisioning in VDO
36.2.9.3. Increasing the logical size of a VDO volume
36.2.9.4. Increasing the physical size of a VDO volume
36.2.10. Removing VDO volumes
36.2.10.1. Removing a working VDO volume
36.2.10.2. Removing an unsuccessfully created VDO volume
36.2.11. Related information
36.3. DISCARDING UNUSED BLOCKS
36.3.1. Block discard operations
Requirements
36.3.2. Types of block discard operations
Recommendations
36.3.3. Performing batch block discard
36.3.4. Enabling online block discard
36.3.5. Enabling online block discard using RHEL System Roles
36.3.5.1. Example Ansible playbook to enable online block discard
36.3.6. Enabling periodic block discard
36.4. USING THE WEB CONSOLE FOR MANAGING VIRTUAL DATA OPTIMIZER VOLUMES
36.4.1. VDO volumes in the web console
36.4.2. Creating VDO volumes in the web console
36.4.3. Formatting VDO volumes in the web console
36.4.4. Extending VDO volumes in the web console
PART V. DESIGN OF LOG FILE
CHAPTER 37. AUDITING THE SYSTEM
37.1. LINUX AUDIT
37.2. AUDIT SYSTEM ARCHITECTURE
37.3. CONFIGURING AUDITD FOR A SECURE ENVIRONMENT
37.4. STARTING AND CONTROLLING AUDITD
37.5. UNDERSTANDING AUDIT LOG FILES
37.6. USING AUDITCTL FOR DEFINING AND EXECUTING AUDIT RULES
37.7. DEFINING PERSISTENT AUDIT RULES
37.8. USING PRE-CONFIGURED RULES FILES
37.9. USING AUGENRULES TO DEFINE PERSISTENT RULES
37.10. DISABLING AUGENRULES
37.11. RELATED INFORMATION
PART VI. DESIGN OF KERNEL
CHAPTER 38. THE LINUX KERNEL RPM
38.1. WHAT AN RPM IS
Types of RPM packages
38.2. THE LINUX KERNEL RPM PACKAGE OVERVIEW
38.3. DISPLAYING CONTENTS OF THE KERNEL PACKAGE
CHAPTER 39. UPDATING KERNEL WITH YUM
39.1. WHAT IS THE KERNEL
39.2. WHAT IS YUM
39.3. UPDATING THE KERNEL
39.4. INSTALLING THE KERNEL
CHAPTER 40. CONFIGURING KERNEL COMMAND-LINE PARAMETERS
40.1. UNDERSTANDING KERNEL COMMAND-LINE PARAMETERS
40.2. WHAT GRUBBY IS
40.3. WHAT BOOT ENTRIES ARE
40.4. CHANGING KERNEL COMMAND-LINE PARAMETERS FOR ALL BOOT ENTRIES
40.5. CHANGING KERNEL COMMAND-LINE PARAMETERS FOR A SINGLE BOOT ENTRY
CHAPTER 41. CONFIGURING KERNEL PARAMETERS AT RUNTIME
41.1. WHAT ARE KERNEL PARAMETERS
41.2. CONFIGURING KERNEL PARAMETERS TEMPORARILY WITH SYSCTL
41.3. CONFIGURING KERNEL PARAMETERS PERMANENTLY WITH SYSCTL
41.4. USING CONFIGURATION FILES IN /ETC/SYSCTL.D/ TO ADJUST KERNEL PARAMETERS
41.5. CONFIGURING KERNEL PARAMETERS TEMPORARILY THROUGH /PROC/SYS/
CHAPTER 42. INSTALLING AND CONFIGURING KDUMP
42.1. WHAT IS KDUMP
42.2. INSTALLING KDUMP
42.3. CONFIGURING KDUMP ON THE COMMAND LINE
42.3.1. Configuring kdump memory usage
42.3.2. Configuring the kdump target
42.3.3. Configuring the core collector
42.3.4. Configuring the kdump default failure responses
42.3.5. Enabling and disabling the kdump service
42.4. CONFIGURING KDUMP IN THE WEB CONSOLE
42.4.1. Configuring kdump memory usage and target location in web console
42.5. SUPPORTED KDUMP CONFIGURATIONS AND TARGETS
42.5.1. Memory requirements for kdump
42.5.2. Minimum threshold for automatic memory reservation
42.5.3. Supported kdump targets
42.5.4. Supported kdump filtering levels
42.5.5. Supported default failure responses
42.5.6. Estimating kdump size
42.6. TESTING THE KDUMP CONFIGURATION
42.7. USING KEXEC TO REBOOT THE KERNEL
42.8. BLACKLISTING KERNEL DRIVERS FOR KDUMP
42.9. RUNNING KDUMP ON SYSTEMS WITH ENCRYPTED DISK
42.10. FIRMWARE ASSISTED DUMP MECHANISMS
42.10.1. Firmware assisted dump on IBM PowerPC hardware
42.10.2. Enabling firmware assisted dump mechanism
42.10.3. Firmware assisted dump mechanisms on IBM Z hardware
42.10.4. Using sadump on Fujitsu PRIMEQUEST systems
42.11. ANALYZING A CORE DUMP
42.11.1. Installing the crash utility
42.11.2. Running and exiting the crash utility
42.11.3. Displaying various indicators in the crash utility
Red Hat Enterprise Linux 8 System Design Guide
42.11.4. Using Kernel Oops Analyzer
42.12. USING EARLY KDUMP TO CAPTURE BOOT TIME CRASHES
42.12.1. What is early kdump
42.12.2. Enabling early kdump
42.13. RELATED INFORMATION
CHAPTER 43. APPLYING PATCHES WITH KERNEL LIVE PATCHING
43.1. LIMITATIONS OF KPATCH
43.2. SUPPORT FOR THIRD-PARTY LIVE PATCHING
43.3. ACCESS TO KERNEL LIVE PATCHES
43.4. COMPONENTS OF KERNEL LIVE PATCHING
43.5. HOW KERNEL LIVE PATCHING WORKS
43.6. SUBSCRIBING TO THE LIVE PATCHING STREAM
43.7. UPDATING KERNEL PATCH MODULES
43.8. REMOVING THE LIVE PATCHING PACKAGE
43.9. UNINSTALLING THE KERNEL PATCH MODULE
43.10. DISABLING KPATCH.SERVICE
CHAPTER 44. SETTING LIMITS FOR APPLICATIONS
44.1. UNDERSTANDING CONTROL GROUPS
44.2. WHAT KERNEL RESOURCE CONTROLLERS ARE
44.3. WHAT NAMESPACES ARE
44.4. SETTING CPU LIMITS TO APPLICATIONS USING CGROUPS-V1
44.5. SETTING CPU LIMITS TO APPLICATIONS USING CGROUPS-V2
CHAPTER 45. ANALYZING SYSTEM PERFORMANCE WITH BPF COMPILER COLLECTION
45.1. AN INTRODUCTION TO BCC
45.2. INSTALLING THE BCC-TOOLS PACKAGE
45.3. USING SELECTED BCC-TOOLS FOR PERFORMANCE ANALYSES
Using execsnoop to examine the system processes
Using opensnoop to track what files a command opens
Using biotop to examine the I/O operations on the disk
Using xfsslower to expose unexpectedly slow file system operations
PART VII. DESIGN OF HIGH AVAILABILITY SYSTEM
CHAPTER 46. HIGH AVAILABILITY ADD-ON OVERVIEW
46.1. HIGH AVAILABILITY ADD-ON COMPONENTS
46.2. PACEMAKER OVERVIEW
46.2.1. Pacemaker architecture components
46.2.2. Configuration and management tools
46.2.3. The cluster and pacemaker configuration files
46.3. FENCING OVERVIEW
46.4. QUORUM OVERVIEW
46.5. RESOURCE OVERVIEW
46.6. LVM LOGICAL VOLUMES IN A RED HAT HIGH AVAILABILITY CLUSTER
46.6.1. Choosing HA-LVM or shared volumes
46.6.2. Configuring LVM volumes in a cluster
CHAPTER 47. GETTING STARTED WITH PACEMAKER
47.1. LEARNING TO USE PACEMAKER
47.2. LEARNING TO CONFIGURE FAILOVER
CHAPTER 48. THE PCS COMMAND LINE INTERFACE
48.1. PCS HELP DISPLAY
48.2. VIEWING THE RAW CLUSTER CONFIGURATION
48.3. SAVING A CONFIGURATION CHANGE TO A WORKING FILE
48.4. DISPLAYING CLUSTER STATUS
48.5. DISPLAYING THE FULL CLUSTER CONFIGURATION
CHAPTER 49. CREATING A RED HAT HIGH-AVAILABILITY CLUSTER WITH PACEMAKER
49.1. INSTALLING CLUSTER SOFTWARE
49.2. INSTALLING THE PCP-ZEROCONF PACKAGE (RECOMMENDED)
49.3. CREATING A HIGH AVAILABILITY CLUSTER
49.4. CREATING A HIGH AVAILABILITY CLUSTER WITH MULTIPLE LINKS
49.5. CONFIGURING FENCING
49.6. BACKING UP AND RESTORING A CLUSTER CONFIGURATION
49.7. ENABLING PORTS FOR THE HIGH AVAILABILITY ADD-ON
CHAPTER 50. CONFIGURING AN ACTIVE/PASSIVE APACHE HTTP SERVER IN A RED HAT HIGH
AVAILABILITY CLUSTER
50.1. CONFIGURING AN LVM VOLUME WITH AN EXT4 FILE SYSTEM IN A PACEMAKER CLUSTER
50.2. CONFIGURING AN APACHE HTTP SERVER
50.3. CREATING THE RESOURCES AND RESOURCE GROUPS
50.4. TESTING THE RESOURCE CONFIGURATION
CHAPTER 51. CONFIGURING AN ACTIVE/PASSIVE NFS SERVER IN A RED HAT HIGH AVAILABILITY
CLUSTER
51.1. PREREQUISITES
51.2. PROCEDURAL OVERVIEW
51.3. CONFIGURING AN LVM VOLUME WITH AN EXT4 FILE SYSTEM IN A PACEMAKER CLUSTER
51.4. CONFIGURING AN NFS SHARE
51.5. CONFIGURING THE RESOURCES AND RESOURCE GROUP FOR AN NFS SERVER IN A CLUSTER
51.6. TESTING THE NFS RESOURCE CONFIGURATION
51.6.1. Testing the NFS export
51.6.2. Testing for failover
CHAPTER 52. GFS2 FILE SYSTEMS IN A CLUSTER
52.1. CONFIGURING A GFS2 FILE SYSTEM IN A CLUSTER
52.2. MIGRATING A GFS2 FILE SYSTEM FROM RHEL7 TO RHEL8
CHAPTER 53. CONFIGURING FENCING IN A RED HAT HIGH AVAILABILITY CLUSTER
53.1. DISPLAYING AVAILABLE FENCE AGENTS AND THEIR OPTIONS
53.2. CREATING A FENCE DEVICE
53.3. GENERAL PROPERTIES OF FENCING DEVICES
53.4. ADVANCED FENCING CONFIGURATION OPTIONS
53.5. TESTING A FENCE DEVICE
53.6. CONFIGURING FENCING LEVELS
53.7. CONFIGURING FENCING FOR REDUNDANT POWER SUPPLIES
53.8. DISPLAYING CONFIGURED FENCE DEVICES
53.9. MODIFYING AND DELETING FENCE DEVICES
53.10. MANUALLY FENCING A CLUSTER NODE
53.11. DISABLING A FENCE DEVICE
53.12. PREVENTING A NODE FROM USING A FENCE DEVICE
53.13. CONFIGURING ACPI FOR USE WITH INTEGRATED FENCE DEVICES
53.13.1. Disabling ACPI Soft-Off with the BIOS
53.13.2. Disabling ACPI Soft-Off in the logind.conf file
53.13.3. Disabling ACPI completely in the GRUB 2 File
CHAPTER 54. CONFIGURING CLUSTER RESOURCES
Red Hat Enterprise Linux 8 System Design Guide
Deleting a configured resource
54.1. RESOURCE AGENT IDENTIFIERS
54.2. DISPLAYING RESOURCE-SPECIFIC PARAMETERS
54.3. CONFIGURING RESOURCE META OPTIONS
54.3.1. Changing the default value of a resource option
54.3.2. Changing the default value of a resource option for sets of resources (RHEL 8.3 and later)
54.3.3. Displaying currently configured resource defaults
54.3.4. Setting meta options on resource creation
54.4. CONFIGURING RESOURCE GROUPS
54.4.1. Creating a resource group
54.4.2. Removing a resource group
54.4.3. Displaying resource groups
54.4.4. Group options
54.4.5. Group stickiness
54.5. DETERMINING RESOURCE BEHAVIOR
CHAPTER 55. DETERMINING WHICH NODES A RESOURCE CAN RUN ON
55.1. CONFIGURING LOCATION CONSTRAINTS
55.2. LIMITING RESOURCE DISCOVERY TO A SUBSET OF NODES
55.3. CONFIGURING A LOCATION CONSTRAINT STRATEGY
55.3.1. Configuring an “Opt-In” Cluster
55.3.2. Configuring an “Opt-Out” Cluster
55.4. CONFIGURING A RESOURCE TO PREFER ITS CURRENT NODE
CHAPTER 56. DETERMINING THE ORDER IN WHICH CLUSTER RESOURCES ARE RUN
56.1. CONFIGURING MANDATORY ORDERING
56.2. CONFIGURING ADVISORY ORDERING
56.3. CONFIGURING ORDERED RESOURCE SETS
56.4. CONFIGURING STARTUP ORDER FOR RESOURCE DEPENDENCIES NOT MANAGED BY PACEMAKER
CHAPTER 57. COLOCATING CLUSTER RESOURCES
57.1. SPECIFYING MANDATORY PLACEMENT OF RESOURCES
57.2. SPECIFYING ADVISORY PLACEMENT OF RESOURCES
57.3. COLOCATING SETS OF RESOURCES
57.4. REMOVING COLOCATION CONSTRAINTS
CHAPTER 58. DISPLAYING RESOURCE CONSTRAINTS
58.1. DISPLAYING ALL CONFIGURED CONSTRAINTS
58.2. DISPLAYING LOCATION CONSTRAINTS
58.3. DISPLAYING ORDERING CONSTRAINTS
58.4. DISPLAYING COLOCATION CONSTRAINTS
58.5. DISPLAYING RESOURCE-SPECIFIC CONSTRAINTS
58.6. DISPLAYING RESOURCE DEPENDENCIES (RED HAT ENTERPRISE LINUX 8.2 AND LATER)
CHAPTER 59. DETERMINING RESOURCE LOCATION WITH RULES
59.1. PACEMAKER RULES
59.1.1. Node attribute expressions
59.1.2. Time/date based expressions
59.1.3. Date specifications
59.2. CONFIGURING A PACEMAKER LOCATION CONSTRAINT USING RULES
CHAPTER 60. MANAGING CLUSTER RESOURCES
60.1. DISPLAYING CONFIGURED RESOURCES
60.2. MODIFYING RESOURCE PARAMETERS
60.3. CLEARING FAILURE STATUS OF CLUSTER RESOURCES
60.4. MOVING RESOURCES IN A CLUSTER
60.4.1. Moving resources due to failure
60.4.2. Moving resources due to connectivity changes
60.5. DISABLING A MONITOR OPERATION
60.6. CONFIGURING AND MANAGING CLUSTER RESOURCE TAGS (RHEL 8.3 AND LATER)
60.6.1. Tagging cluster resources for administration by category
60.6.2. Deleting a tagged cluster resource
CHAPTER 61. CREATING CLUSTER RESOURCES THAT ARE ACTIVE ON MULTIPLE NODES (CLONED
RESOURCES)
61.1. CREATING AND REMOVING A CLONED RESOURCE
61.2. CONFIGURING CLONE RESOURCE CONSTRAINTS
61.3. CREATING PROMOTABLE CLONE RESOURCES
61.3.1. Creating a promotable resource
61.3.2. Configuring promotable resource constraints
61.4. DEMOTING A PROMOTED RESOURCE ON FAILURE (RHEL 8.3 AND LATER)
CHAPTER 62. MANAGING CLUSTER NODES
62.1. STOPPING CLUSTER SERVICES
62.2. ENABLING AND DISABLING CLUSTER SERVICES
62.3. ADDING CLUSTER NODES
62.4. REMOVING CLUSTER NODES
62.5. ADDING A NODE TO A CLUSTER WITH MULTIPLE LINKS
62.6. ADDING AND MODIFYING LINKS IN AN EXISTING CLUSTER (RHEL 8.1 AND LATER)
62.6.1. Adding and removing links in an existing cluster
62.6.2. Modifying a link in a cluster with multiple links
62.6.3. Modifying the link addresses in a cluster with a single link
62.6.4. Modifying the link options for a link in a cluster with a single link
62.6.5. Modifying a link when adding a new link is not possible
62.7. CONFIGURING A LARGE CLUSTER WITH MANY RESOURCES
CHAPTER 63. PACEMAKER CLUSTER PROPERTIES
63.1. SUMMARY OF CLUSTER PROPERTIES AND OPTIONS
63.2. SETTING AND REMOVING CLUSTER PROPERTIES
63.3. QUERYING CLUSTER PROPERTY SETTINGS
CHAPTER 64. CONFIGURING A VIRTUAL DOMAIN AS A RESOURCE
64.1. VIRTUAL DOMAIN RESOURCE OPTIONS
64.2. CREATING THE VIRTUAL DOMAIN RESOURCE
CHAPTER 65. CLUSTER QUORUM
65.1. CONFIGURING QUORUM OPTIONS
65.2. MODIFYING QUORUM OPTIONS
65.3. DISPLAYING QUORUM CONFIGURATION AND STATUS
65.4. RUNNING INQUORATE CLUSTERS
65.5. QUORUM DEVICES
65.5.1. Installing quorum device packages
65.5.2. Configuring a quorum device
65.5.3. Managing the Quorum Device Service
65.5.4. Managing the quorum device settings in a cluster
65.5.4.1. Changing quorum device settings
65.5.4.2. Removing a quorum device
Red Hat Enterprise Linux 8 System Design Guide
65.5.4.3. Destroying a quorum device
CHAPTER 66. INTEGRATING NON-COROSYNC NODES INTO A CLUSTER: THE PACEMAKER_REMOTE
SERVICE
66.1. HOST AND GUEST AUTHENTICATION OF PACEMAKER_REMOTE NODES
66.2. CONFIGURING KVM GUEST NODES
66.2.1. Guest node resource options
66.2.2. Integrating a virtual machine as a guest node
66.3. CONFIGURING PACEMAKER REMOTE NODES
66.3.1. Remote node resource options
66.3.2. Remote node configuration overview
66.4. CHANGING THE DEFAULT PORT LOCATION
66.5. UPGRADING SYSTEMS WITH PACEMAKER_REMOTE NODES
CHAPTER 67. PERFORMING CLUSTER MAINTENANCE
67.1. PUTTING A NODE INTO STANDBY MODE
67.2. MANUALLY MOVING CLUSTER RESOURCES
67.2.1. Moving a resource from its current node
67.2.2. Moving a resource to its preferred node
67.3. DISABLING, ENABLING, AND BANNING CLUSTER RESOURCES
Disabling a cluster resource
Enabling a cluster resource
Preventing a resource from running on a particular node
Forcing a resource to start on the current node
67.4. SETTING A RESOURCE TO UNMANAGED MODE
67.5. PUTTING A CLUSTER IN MAINTENANCE MODE
67.6. UPDATING A RHEL HIGH AVAILABILITY CLUSTER
67.7. UPGRADING REMOTE NODES AND GUEST NODES
67.8. MIGRATING VMS IN A RHEL CLUSTER
CHAPTER 68. CONFIGURING AND MANAGING LOGICAL VOLUMES
68.1. LOGICAL VOLUMES
68.1.1. LVM architecture overview
68.1.2. Physical volumes
68.1.2.1. LVM physical volume layout
68.1.2.2. Multiple partitions on a disk
68.1.3. Volume groups
68.1.4. LVM logical volumes
68.1.4.1. Linear Volumes
68.1.4.2. Striped Logical Volumes
68.1.4.3. RAID logical volumes
68.1.4.4. Thinly-provisioned logical volumes (thin volumes)
68.1.4.5. Snapshot Volumes
68.1.4.6. Thinly-provisioned snapshot volumes
68.1.4.7. Cache Volumes
68.2. CONFIGURING LVM LOGICAL VOLUMES
68.2.1. Using CLI commands
Specifying units in a command line argument
Specifying volume groups and logical volumes
Increasing output verbosity
Displaying help for LVM CLI commands
68.2.2. Creating an LVM logical volume on three disks
68.2.3. Creating a RAID0 (striped) logical volume
68.2.4. Renaming LVM logical volumes
2768.2.5. Removing a disk from a logical volume
68.2.5.1. Moving extents to existing physical volumes
68.2.5.2. Moving Extents to a New Disk
68.2.6. Configuring persistent device numbers
68.2.7. Specifying LVM extent size
68.2.8. Managing LVM logical volumes using RHEL System Roles
68.2.8.1. Example Ansible playbook to manage logical volumes
68.2.8.2. Additional resources
68.2.9. Removing LVM logical volumes
68.3. MODIFYING THE SIZE OF A LOGICAL VOLUME
68.3.1. Growing logical volumes
68.3.2. Growing a file system on a logical volume
68.3.3. Shrinking logical volumes
68.3.4. Extending a striped logical volume
68.4. MANAGING LVM PHYSICAL VOLUMES
68.4.1. Scanning for block devices to use as physical volumes
68.4.2. Setting the partition type for a physical volume
68.4.3. Resizing an LVM physical volume
68.4.4. Removing physical volumes
68.4.5. Adding physical volumes to a volume group
68.4.6. Removing physical volumes from a volume group
68.5. DISPLAYING LVM COMPONENTS
68.5.1. Displaying LVM Information with the lvm Command
68.5.2. Displaying physical volumes
68.5.3. Displaying volume groups
68.5.4. Displaying logical volumes
68.6. CUSTOMIZED REPORTING FOR LVM
68.6.1. Controlling the format of the LVM display
68.6.2. LVM object display fields
68.6.3. Sorting LVM reports
68.6.4. Specifying the units for an LVM report display
68.6.5. Displaying LVM command output in JSON format
68.6.6. Displaying the LVM command log
68.7. CONFIGURING RAID LOGICAL VOLUMES
68.7.1. RAID logical volumes
68.7.2. RAID levels and linear support
68.7.3. LVM RAID segment types
68.7.4. Creating RAID logical volumes
68.7.5. Creating a RAID0 (striped) logical volume
68.7.6. Using DM integrity with RAID LV
68.7.6.1. Soft data corruption
68.7.6.2. Creating a RAID LV with DM integrity
68.7.6.3. Adding DM integrity to an existing RAID LV
68.7.6.4. Removing integrity from a RAID LV
68.7.6.5. Viewing DM integrity information
68.7.6.6. Additional resources
68.7.7. Controlling the rate at which RAID volumes are initialized
68.7.8. Converting a Linear device to a RAID device
68.7.9. Converting an LVM RAID1 logical volume to an LVM linear logical volume
68.7.10. Converting a mirrored LVM device to a RAID1 device
68.7.11. Resizing a RAID logical volume
68.7.12. Changing the number of images in an existing RAID1 device
68.7.13. Splitting off a RAID image as a separate logical volume
Red Hat Enterprise Linux 8 System Design Guide
2868.7.14. Splitting and Merging a RAID Image
68.7.15. Setting a RAID fault policy
68.7.15.1. The allocate RAID Fault Policy
68.7.15.2. The warn RAID Fault Policy
68.7.16. Replacing a RAID device in a logical volume
68.7.16.1. Replacing a RAID device that has not failed
68.7.16.2. Failed devices in LVM RAID
68.7.16.3. Recovering a failed RAID device in a logical volume
68.7.16.4. Replacing a failed RAID device in a logical volume
68.7.17. Checking data coherency in a RAID logical volume (RAID scrubbing)
68.7.18. Converting a RAID level (RAID takeover)
68.7.19. Changing attributes of a RAID volume (RAID reshape)
68.7.20. Controlling I/O Operations on a RAID1 logical volume
68.7.21. Changing the region size on a RAID logical volume
68.8. SNAPSHOT LOGICAL VOLUMES
68.8.1. Snapshot Volumes
68.8.2. Creating snapshot volumes
68.8.3. Merging snapshot volumes
68.9. CREATING AND MANAGING THINLY-PROVISIONED LOGICAL VOLUMES (THIN VOLUMES)
68.9.1. Thinly-provisioned logical volumes (thin volumes)
68.9.2. Creating thinly-provisioned logical volumes
68.9.3. Thinly-provisioned snapshot volumes
68.9.4. Creating thinly-provisioned snapshot volumes
68.9.5. Tracking and displaying thin snapshot volumes that have been removed
68.10. ENABLING CACHING TO IMPROVE LOGICAL VOLUME PERFORMANCE
68.10.1. Caching methods in LVM
68.10.2. LVM caching components
68.10.3. Enabling dm-cache caching for a logical volume
68.10.4. Enabling dm-cache caching with a cachepool for a logical volume
68.10.5. Enabling dm-writecache caching for a logical volume
68.10.6. Disabling caching for a logical volume
68.11. LOGICAL VOLUME ACTIVATION
68.11.1. Controlling autoactivation of logical volumes
68.11.2. Controlling logical volume activation
68.11.3. Activating shared logical volumes
68.11.4. Activating a logical volume with missing devices
68.12. CONTROLLING LVM DEVICE SCANNING
68.12.1. The LVM device filter
68.12.2. Examples of LVM device filter configurations
68.12.3. Applying an LVM device filter configuration
68.13. CONTROLLING LVM ALLOCATION
68.13.1. LVM allocation policies
68.13.2. Preventing allocation on a physical volume
68.13.3. Extending a logical volume with the cling allocation policy
68.13.4. Differentiating between LVM RAID objects using tags
68.14. TROUBLESHOOTING LVM
68.14.1. Gathering diagnostic data on LVM
68.14.2. Displaying information on failed LVM devices
68.14.3. Removing lost LVM physical volumes from a volume group
68.14.4. Recovering an LVM physical volume with damaged metadata
68.14.4.1. Discovering that an LVM volume has missing or corrupted metadata
68.14.4.2. Finding the metadata of a missing LVM physical volume
68.14.4.3. Restoring metadata on an LVM physical volume
2968.14.5. Replacing a missing LVM physical volume
68.14.5.1. Finding the metadata of a missing LVM physical volume
68.14.5.2. Restoring metadata on an LVM physical volume
68.14.6. Troubleshooting LVM RAID
68.14.6.1. Checking data coherency in a RAID logical volume (RAID scrubbing)
68.14.6.2. Failed devices in LVM RAID
68.14.6.3. Recovering a failed RAID device in a logical volume
68.14.6.4. Replacing a failed RAID device in a logical volume
68.14.7. Troubleshooting insufficient free extents for a logical volume
68.14.7.1. Volume groups
68.14.7.2. Rounding errors in LVM output
68.14.7.3. Preventing the rounding error when creating an LVM volume
68.14.8. Troubleshooting duplicate physical volume warnings for multipathed LVM devices
68.14.8.1. Root cause of duplicate PV warnings
68.14.8.2. Cases of duplicate PV warnings
68.14.8.3. The LVM device filter
68.14.8.4. Example LVM device filters that prevent duplicate PV warnings
68.14.8.5. Applying an LVM device filter configuration
68.14.8.6. Additional resources
نظرات (0)
.فقط مشتریانی که این محصول را خریداری کرده اند و وارد سیستم شده اند میتوانند برای این محصول دیدگاه(نظر) ارسال کنند.
نقد و بررسیها
هیچ دیدگاهی برای این محصول نوشته نشده است.