Category: Linux

Logical Volumes (LVM), Disk Encryption, Creating a RAID Device

Logical Volumes (LVM), Disk Encryption, Creating a RAID Device
in Linux

================

In this post I show you these three (3) advanced procedures for CentOS 7 Linux Server…

I recommend try them in test VM Server and after in Production Server…

A – Disk Encryption

Exercise 22.1 Disk Encryption
In this exercise, you will encrypt a partition on the disk in order to provide a measure of security in the event that the hard drive or laptop is stolen. Reviewing the cryptsetup documentation first would be a good idea (man cryptsetup and cryptsetup –help).

1. Create a new partition for the encrypted block device with fdisk. Make sure the kernel is aware of the new partition table. A reboot will do this but there are other methods.
2. Format the partition with cryptsetup using LUKS for the crypto layer.
3. Create the un-encrypted pass through device by opening the encrypted block device, i.e., secret-disk.
4. Add an entry to /etc/crypttab so that the system prompts for the passphrase on reboot.
5. Format the filesystem as an ext4 filesystem.
6. Create a mount point for the new filesystem, i.e. /secret.
7. Add an entry to /etc/fstab so that the filesystem is mounted on boot.
8. Try and mount the encrypted filesystem.
9. Validate the entire configuration by rebooting.

Solution 22.1
1. $ sudo fdisk /dev/sda
Create a new partition (in the below /dev/sda4 to be concrete) and then either issue:
$ sudo partprobe -s
to have the system re-read the modified partition table, or reboot (which is far safer).
Note: If you can’t use a real partition, use the technique in the previous chapter to use a loop device or image file for the same purpose.
2. $ sudo cryptsetup luksFormat /dev/sda4
3. $ sudo cryptsetup luksOpen /dev/sda4 secret-disk
4. Add the following to /etc/crypttab:
secret-disk /dev/sda4
5. $ sudo mkfs -t ext4 /dev/mapper/secret-disk
6. $ sudo mkdir -p /secret
7. Add the following to /etc/fstab:
/dev/mapper/secret-disk /secret ext4 defaults 1 2
8. Mount just the one filesystem:
$ sudo mount /secret
or mount all filesystems mentioned in /etc/fstab:
$ sudo mount -a
9. Reboot.

B – Logical Volumes (LVM)

Exercise 23.1 Logical Volumes
We are going to create a logical volume using two 250 MB partitions. We are going to assume you have real partition-able disk space available.

1. Create two 250 MB partitions of type logical volume (8e).
2. Convert the partitions to physical volumes.
3. Create a volume group named myvg and add the two physical volumes to it. Use the default extent size.
4. Allocate a 300 MB logical volume named mylvm from volume group myvg.
5. Format and mount the logical volume mylvm at /mylvm
6. Use lvdisplay to view information about the logical volume.
7. Grow the logical volume and corresponding filesystem to 350 MB.

Solution 23.1
1. Execute:
$ sudo fdisk /dev/sda
using whatever hard disk is appropriate, and create the two partitions. While in fdisk, typing t will let you set the partition type to 8e. While it doesn’t matter if you don’t set the type, it is a good idea to lessen confusion. Use w to rewrite the partition table and exit, and then
$ sudo partprobe -s
or reboot to make sure the new partitions take effect.
2. Assuming the new partitions are /dev/sdaX and /dev/sdaY:
$ sudo pvcreate /dev/sdaX
$ sudo pvcreate /dev/sdaY
$ sudo pvdisplay
3. $ sudo vgcreate myvg /dev/sdaX /dev/sdaY
$ sudo vgdisplay
4. $ sudo lvcreate -L 300M -n mylvm myvg
$ sudo lvdisplay
5. $ sudo mkfs.ext4 /dev/myvg/mylvm
$ mkdir /mylvm
$ sudo mount /dev/myvg/mylvm /mylvm
If you want the mount to be persistent, edit /etc/fstab to include the line:
/dev/myvg/mylvm /mylvm ext4 defaults 0 0
6. $ sudo lvdisplay
7. $ df -h
$ sudo lvresize -r -L 350M /dev/myvg/mylvm
$ df -h
or
$ sudo lvresize -r -L +50M /dev/myvg/mylvm

C – Creating a RAID Device

Exercise 24.1 Creating a RAID Device
Normally when creating a RAID device we would use partitions on separate disks. However, for this exercise we probably don’t have such hardware available. Thus we will need to have two partitions on the same disk.
The process will be the same whether the partitions are on one drive or several (Although there is obviously little reason to actually create a RAID on a single device).

1. Create two 200 MB partitions of type raid (fd) either on your hard disk using fdisk, or using LVM.
2. Create a RAID 1 device named /dev/md0 using the two partitions.
3. Format the RAID device as an ext4 filesystem. Then mount it at /myraid and make the mount persistent.
4. Place the information about /dev/md0 in /etc/mdadm.conf file using mdadm. (Depending on your distribution, this file may not
previously exist.)
5. Examine /proc/mdstat to see the status of your RAID device.

Solution 24.1
1. If you need to create new partitions do:
$ sudo fdisk /dev/sda
and create the partitions as we have done before. For purposes of being definite, we will call them /dev/sdaX and
/dev/sdaY. You will need to run partprobe or kpartx or reboot after you are done to make sure the system is properly aware of the new partitions.
2. $ sudo mdadm -C /dev/md0 –level=1 –raid-disks=2 /dev/sdaX /dev/sdaY
3. $ sudo mkfs.ext4 /dev/md0
$ sudo mkdir /myraid
$ sudo mount /dev/md0 /myraid
and add to /etc/fstab
/dev/md0 /myraid ext4 defaults 0 0
4. $ mdadm –detail –scan >> /etc/mdadm.conf
5. $ cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 dm-14[1] dm-13[0]
204736 blocks [2/2] [UU]
unused devices: <none>
You should probably verify that with a reboot, the RAID volume is mounted automatically. When you are done, you probably will want to clean up by removing the line from /etc/fstab, and then getting rid of the partitions.

My first PC Build – Help & Tips

My first PC Build – Help & Tips – Learning Material Used

I recommend Intel Processors due to the fact are used by Apple Macs hence is supported/you-can-build a Hackintosh system or run a Virtual Machines(VM) and have as guest platform MacOS in addition to the normal Windows 10 or Linux VMs…
I recommend pickup the items you want but Not purchase them at the moment,… but await a Holiday Discount period to buy them under discount… I buy most items under Black Friday(BF) period at 20% Off. You can buy at BF if USA store or at Prime Day from Amazon or at Xmas etc

 

eBooks

  1. (c) 2009 , Build Your Own PC – Do-It-Yourself For Dummies [ Part-of-Tens useful Tips at the end of the eBook ]
  2. (c) 2017 , Troubleshooting and Maintaining Your PC All-in-One For Dummies – 3/e
  3. How to Buy/Choose a PC.PDF
  4. Windows 10 Anniversary Update Bible (2017), Wiley
  5. Linux Bible 9th Edition 2015, Wiley
  6. Build a Better PC – 2013
  7. https://s3.eu-central-1.amazonaws.com/leonidassavvides/rhel_5_6_7_cheatsheet_11x17_0417_jcs.pdf

Web-Sites

  1. https://choosemypc.net
  2. https://pcpartpicker.com
  3. http://techreport.com/review/23624/how-to-build-a-pc-the-tech-report-guide/
  4. https://www.singular.com.cy/ – buy components etc

Videos

  1. https://youtu.be/mqb4dDSPRP0 – Win 10 Pro for 15$ [best to install/activate immediately]
  2. How To Build The Best PC For Photo and Video Editing
    https://youtu.be/7D50mMbxB8o
  3. http://techreport.com/review/23624/how-to-build-a-pc-the-tech-report-guide/
  4. Watch “Avoiding Common PC Building Traps – Episode 1,2,3,4” on YouTube
    1. https://youtu.be/-plesrt8ZCs
    2. https://youtu.be/pPFEkL5GIiI
    3. https://youtu.be/CB9KiKrC-C4
    4. https://youtu.be/CkbgkOeqT0Q

================================

Coming Soon my Components & Setup Process

Upcoming Program Changes for the LFCS Certification Exam in 2018

Answers & Notes

If you sit for a free retake after 13:00 UTC on March 20, 2018, you will be tested on Domains and Competencies V3.18 (even if that is not what you were originally tested on during your first attempt).

LFCS Domains and Competencies V3.18

Essential Commands – 25%

  • Log into local & remote graphical and text mode consoles
  • Search for files
  • Evaluate and compare the basic file system features and options
  • Compare and manipulate file content
  • Use input-output redirection (e.g. >, >>, |, 2>)
  • Analyze text using basic regular expressions
  • Archive, backup, compress, unpack, and uncompress files
  • Create, delete, copy, and move files and directories
  • Create and manage hard and soft links
  • List, set, and change standard file permissions
  • Read, and use system documentation
  • Manage access to the root account

Operation of Running Systems – 20%

  • Boot, reboot, and shut down a system safely
  • Boot or change system into different operating modes
  • Install, configure and troubleshoot bootloaders
  • Diagnose and manage processes
  • Locate and analyze system log files
  • Schedule tasks to run at a set date and time
  • Verify completion of scheduled jobs
  • Update software to provide required functionality and security
  • Verify the integrity and availability of resources
  • Verify the integrity and availability of key processes
  • Change kernel runtime parameters, persistent and non-persistent
  • Use scripting to automate system maintenance tasks
  • Manage the startup process and services (In Services Configuration)
  • List and identify SELinux/AppArmor file and process contexts
  • Manage Software
  • Identify the component of a Linux distribution that a file belongs to

User and Group Management – 10%

  • Create, delete, and modify local user accounts
  • Create, delete, and modify local groups and group memberships
  • Manage system-wide environment profiles
  • Manage template user environment
  • Configure user resource limits
  • Manage user privileges
  • Configure PAM

Networking – 12%

  • Configure networking and hostname resolution statically or dynamically
  • Configure network services to start automatically at boot
  • Implement packet filtering
  • Start, stop, and check the status of network services
  • Statically route IP traffic
  • Synchronize time using other network peers

Service Configuration – 20%

  • Configure a caching DNS server
  • Maintain a DNS zone
  • Connect to network shares 
  • Configure email aliases
  • Configure SSH servers and clients
  • Restrict access to HTTP proxy servers
  • Configure an IMAP and IMAPS service
  • Query and modify the behavior of system services at various operating modes
  • Configure an HTTP server
  • Configure HTTP server log files
  • Restrict access to a web page
  • Configure a database server
  • Manage and configure containers
  • Manage and configure Virtual Machines

Storage Management – 13%

  • List, create, delete, and modify physical storage partitions
  • Manage and configure LVM storage
  • Create and configure encrypted storage
  • Configure systems to mount file systems at or during boot
  • Configure and manage swap space
  • Create and manage RAID devices
  • Configure systems to mount file systems on demand
  • Create, manage and diagnose advanced file system permissions
  • Setup user and group disk quotas for filesystems
  • Create and configure file systems