Container management
NOTES: with Fedora 22, yum is deprecated. Use dnf to manage packages.
To create drop-in snippets for the unit file /usr/lib/systemd/system/unit, create the directory /etc/systemd/system/unit.d/ and place .conf files there to override or add new options. systemd will parse these .conf files and apply them on top of the original unit.
The easiest way to do this is to run:
# systemctl edit MyUnit
This opens the file /etc/systemd/system/unit.d/override.conf in your text editor (creating it if necessary) and automatically reloads the unit when you are done editing.
systemd does not inherit the system environment variables. To list and set systemd-specific variables:
$ systemctl show-environment
# systemctl set-environment MyVariable=MyValue
- view the content of a unit file and all associated drop-in snippets.
$ systemctl cat MyUnit
- find a file:
# find myPath -iname 'myFile' -print
- show directory structure and files
$ tree -a -L 'number' /path/
- List running daemons
$ systemctl list-units --state=running | awk '{print $1}' | grep service > daemon.list
- generate an MD5-based BSD password hash (algorithm 1):
$ openssl passwd -1
- list socket and listening process
$ ss
- get picture information
$ identify MyPic.jpg
MyPic.jpg JPEG 800x600 800x60B 112KB 0.000u 0:00.000
identify is part of ImageMagick.
- list diff between two folders
$ diff -ENwbur dir1 dir2
- remount a directory as read/write. This can be useful for everything in /proc/sys, as it is mounted read-only.
# mount /proc/sys -o rw,remount
Netstat is a command line utility that can be used to list out all the network (socket) connections on a system. It lists out all the tcp, udp socket connections and the unix socket connections.
Apart from connected sockets it can also list listening sockets that are waiting for incoming connections. So by verifying an open port 80 you can confirm if a web server is running on the system or not. This makes it a very useful tool for network and system administrators.
See this article for a list of useful commands.
Cockpit is a new web-based server manager for administering Linux servers.
Point your browser to the following url: http://192.168.1.94:9090 to access the console locally.
- Cockpit can be configured via /etc/cockpit/cockpit.conf. This file is not created at install.
Add user access only for cockpit-ws group.
Normally cockpit-ws uses cockpit-session and PAM to authenticate the user and start a user session.
- The cockpit-ws program is the web service component. The service and its socket are started by systemd. To specify the TLS certificate the web service should use, simply drop a file with the extension .cert in the /etc/cockpit/ws-certs.d directory.
dnf is now the default package manager for Fedora. Most commands are trivial.
- install a package
# dnf install MyPackages
- upgrade all packages
# dnf upgrade
- get info about a package
$ dnf info MyPackage
- find which package a file belongs to
$ dnf provides /path/to/file
$ rpm -qf /path/to/file --queryformat '%{NAME}\n'
- find which package a command belongs to
$ rpm -qf $(which foo)
- find what a package provides
$ rpm -qp --provides file.rpm
- find what a package requires
$ rpm -qp --requires file.rpm
NOTE: when a configuration file is upgraded, the new one is installed as myconf.rpmnew. Best practice:
- save myconf
- vimdiff the old and new config files and save to myconf
- test
- if everything is OK, remove both myconf.rpmnew and myconf.bck
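The non-interactive parts of this procedure can be scripted. The following is an added example, not part of the original notes; the function names stage_rpmnew and finish_rpmnew are hypothetical, and the merge itself is still done by hand with vimdiff.

```shell
#!/bin/sh
# Added example (hypothetical helper names): backup, review and cleanup
# steps of the .rpmnew procedure. Typical call: stage_rpmnew /etc

# stage_rpmnew ROOT
#   For every *.rpmnew under ROOT, back up the live config to <conf>.bck
#   and print a unified diff to review before merging by hand.
stage_rpmnew() {
    find "$1" -type f -name '*.rpmnew' | sort | while IFS= read -r new; do
        conf=${new%.rpmnew}
        if [ ! -f "$conf" ]; then
            echo "ORPHAN $new"          # live config was removed or renamed
            continue
        fi
        if cmp -s "$conf" "$new"; then
            echo "IDENTICAL $conf"      # nothing to merge
            continue
        fi
        # cp -p keeps the mode and timestamps, so a 0600 config does not
        # end up with a more readable backup copy.
        [ -f "$conf.bck" ] || cp -p "$conf" "$conf.bck"
        echo "REVIEW $conf"
        diff -u "$conf" "$new" || true  # diff exits 1 when files differ
    done
}

# finish_rpmnew CONF
#   Last step, once the merged config has been tested: remove leftovers.
finish_rpmnew() {
    rm -f "$1.rpmnew" "$1.bck"
}
```
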
# dnf system-upgrade download --refresh --releasever=XX
# dnf system-upgrade reboot
If some of your packages have unsatisfied dependencies, the upgrade will refuse to continue until you run it again with the extra --allowerasing option.
Follow these steps.
Build the package:
$ rpmbuild -ba NAME.spec
TIP: to download the source package, run spectool -g foo.spec
To solve dependency issues, all custom rpm packages have to be listed in a repo. We will use a local one here, synced with sqlite.
1- place all rpm in /storage/development/rpm
2- check everything is owned by root
3- as root, run createrepo /storage/development/rpm (it will create and populate a subdirectory repodata)
4- as root, run dnf config-manager --add-repo file:///storage/development/rpm/ (a repo file will be added in /etc/yum.repos.d)
6- check your repo exists and can be read:
$ dnf repolist
7- resync the database when installing a package:
# dnf --refresh install MyPackage
- be sure you are registered as a user on the server
- ask the administrator to allow password auth
- generate an SSH RSA key if not already done
- copy your key to the server:
ssh-copy-id [email protected]
You will be prompted to enter your user password. The ~/.ssh/authorized_keys file will then be created. Then:
$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh
Connect to poppy:
$ ssh [email protected]
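To confirm that the modes set above are still in place, the check can be scripted. This is an added example, not part of the original notes; the function names are hypothetical, GNU stat is assumed, and treating any id_* file without a .pub suffix as a private key is an assumption about key naming.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit an SSH directory
# against the modes used on this page. With StrictModes enabled, sshd
# ignores authorized_keys when these files are writable by others.
# Typical call: audit_ssh_dir "$HOME/.ssh"

# check_mode PATH EXPECTED
#   Prints a finding and returns 1 when the octal mode differs.
check_mode() {
    actual=$(stat -c '%a' "$1") || return 1    # GNU stat
    if [ "$actual" != "$2" ]; then
        echo "BAD_MODE $1 is $actual, expected $2"
        return 1
    fi
}

# audit_ssh_dir DIR
#   Returns 0 when everything matches, 1 when at least one finding
#   was printed.
audit_ssh_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    check_mode "$dir" 700 || rc=1
    if [ -f "$dir/authorized_keys" ]; then
        check_mode "$dir/authorized_keys" 600 || rc=1
    fi
    # Private keys: any id_* file that is not the .pub half of a pair.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case "$key" in
            *.pub) continue ;;
        esac
        check_mode "$key" 600 || rc=1
    done
    return $rc
}
```
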
scp stands for secure cp (copy), which means you can copy files across an ssh connection. You can use scp to copy files from or to a remote server.
Examples:
- Copy one single local file to a remote destination
$ scp /path/to/source-file user@host:/path/to/destination-folder/
- Copy all files in a folder to a remote server
$ scp /path/to/folder/* user@server:/path/to/folder/
# useradd -G wheel -s /usr/bin/zsh UserName
# passwd UserName
Changing password for user UserName
New password:
Retype new password:
# gpasswd --add username group
This command will create a system user with no home directory, no group with the same name as the user, and a numeric identifier chosen in the SYS_UID_MIN-SYS_UID_MAX range.
# useradd -r -N -G MyGroup -s /sbin/nologin SystemUserName
NOTES:
- When the login shell is intended to be non-functional, for example when the user account is created for a specific service, /usr/bin/nologin may be specified in place of a regular shell to politely refuse a login (see nologin(8)).
- When the shell option is added, please verify it is listed in /etc/shells
- Members of group wheel can run the sudo command and gain privileges.
/etc/polkit-1/rules.d/50-default.rules
# who -a
Cronie is now deprecated in favor of systemd timers.
# systemctl disable crond
Removed symlink /etc/systemd/system/multi-user.target.wants/crond.service.
List of services running on your system on TCP and UDP ports:
# netstat -lnptu
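The output of this command can be filtered to show only the listeners that are not bound to loopback. This is an added example, not part of the original notes; the function names are hypothetical and the sample output is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (hypothetical helper names).
# exposed_listeners: read `netstat -lnptu` output on stdin and print
# "proto port program" for every listener not bound to loopback.
# Typical call (as root, so program names are shown):
#   netstat -lnptu | exposed_listeners
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # Local address is field 4; the port follows the LAST colon,
        # which matters for IPv6 forms such as ":::9090".
        if (!match($4, /:[0-9]+$/)) next
        host = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (host ~ /^127\./ || host == "::1") next    # loopback only
        # UDP rows have no State column, so PID/Program is not at a
        # fixed index: take the first field shaped like "N/name".
        prog = "-"
        for (i = 6; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) {
                prog = $i
                sub(/^[0-9]+\//, "", prog)
                break
            }
        print $1, port, prog
    }'
}

# Constructed sample output for trying the filter offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd
tcp6       0      0 :::9090                 :::*                    LISTEN      1/systemd
udp        0      0 0.0.0.0:161             0.0.0.0:*                           1033/snmpd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           790/chronyd
EOF
}
```
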
Fedora includes the Net-SNMP software suite, which includes a flexible and extensible Simple Network Management Protocol (SNMP) agent.
For practical reasons, logs have been grouped as much as possible in the /storage/log directory.
Systemd provides a centralized management solution for logging all kernel and userland processes. The system that collects and manages these logs is known as the journal.
- delete old archives and keep only the last 5 days
# journalctl --vacuum-time=5d
- view the most recent entries first
$ journalctl -r
- view a specific unit
$ journalctl -u MyUnit
- view boot kernel messages
$ journalctl -b
See how much RAM is available
$ free -m
$ iostat
Linux 4.0.1-1-apparmor (poppy) 05/10/2015 _x86_64_ (8 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
1.10 0.72 0.44 0.03 0.00 97.70
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sdc 0.98 10.02 15.28 1706795 2602976
sdb 3.60 17.63 67.03 3004719 11422208
sda 0.11 0.58 1.75 98808 298164
sdd 0.29 0.02 14.62 3643 2491468
dm-0 0.11 0.35 0.11 59753 18112
dm-1 0.01 0.19 1.64 32885 280044
dm-2 0.00 0.02 0.00 3613 4
dm-3 0.00 0.00 0.00 561 4
dm-4 0.00 0.00 0.00 456 0
dm-5 0.00 0.00 0.00 456 0
dm-6 0.00 0.00 0.00 456 0
bcache0 0.31 0.01 18.05 1320 3076480
Shared memory allows processes to access common structures and data by placing them in shared memory segments. It is the fastest form of inter-process communication available since no kernel involvement occurs when data is passed between the processes. In fact, data does not need to be copied between the processes.
Some parameters need to be configured.
A helper script, /etc/scripts/shmsetup, will define values for the system when run.
A Linux container inherits these values from its host, so they are defined on our host machine.