diff --git a/tech_docs/lab/rhcsa_lab.md b/tech_docs/lab/rhcsa_lab.md index 02e1aca..9fc532b 100644 --- a/tech_docs/lab/rhcsa_lab.md +++ b/tech_docs/lab/rhcsa_lab.md 
@@ -1,3 +1,268 @@ +# Complete Optimized LVM Setup Guide for Dell Optiplex with Dual SSDs + +## System Specifications +- Device: Dell Optiplex +- CPU: Intel Core i7-4790 +- RAM: 32GB +- Storage: + - Drive 1 (sda): Samsung SSD 860 PRO 512GB (476.9G usable) + - Drive 2 (sdb): PNY CS900 120GB SSD (111.8G usable) + +## 1. Partition Scheme and LVM Setup + +### System Drive (sdb - PNY CS900 111.8GB): +- /dev/sdb1 - 1GB - /boot (standard partition, ext4) +- /dev/sdb2 - 1GB - /boot/efi (standard partition, FAT32) +- /dev/sdb3 - Rest of sdb (~109.8GB) - LVM Physical Volume + +LVM setup on sdb: +Volume Group: vg_system + +Logical Volumes: +- lv_root - 30GB - / +- lv_home - 25GB - /home +- lv_var - 15GB - /var +- lv_tmp - 5GB - /tmp +- lv_swap - 16GB - swap +- lv_snap - Rest of space - Reserved for snapshots + +### Data Drive (sda - Samsung 860 PRO 476.9GB): +- /dev/sda1 - Entire disk - LVM Physical Volume + +LVM setup on sda: +Volume Group: vg_data + +Logical Volumes: +- lv_vms - 400GB - /vms (for storing virtual machines) +- lv_data - Rest of space (~76.9GB) - /data (for additional data and LVM practice) + +All filesystems will use XFS except for swap and boot partitions. + +## 2. Installation Process + +1. Boot from Rocky Linux installation media. + +2. In the installation wizard: + a. Select language and keyboard layout. + b. Set time zone. + c. In the Installation Destination section: + - Select both SSDs. + - Choose "Custom" partitioning. + - Create partitions and LVM setup as per the scheme above. + d. Set root password and create a non-root user. + e. Begin the installation. + +3. After installation completes, reboot the system. + +## 3. 
Post-Installation LVM Setup + +After first boot, set up the data drive: + +```bash +sudo pvcreate /dev/sda +sudo vgcreate vg_data /dev/sda +sudo lvcreate -L 400G -n lv_vms vg_data +sudo lvcreate -l 100%FREE -n lv_data vg_data +sudo mkfs.xfs /dev/vg_data/lv_vms +sudo mkfs.xfs /dev/vg_data/lv_data +sudo mkdir /vms /data +echo "/dev/vg_data/lv_vms /vms xfs defaults,discard 0 0" | sudo tee -a /etc/fstab +echo "/dev/vg_data/lv_data /data xfs defaults,discard 0 0" | sudo tee -a /etc/fstab +sudo mount -a +``` + +## 4. Initial OS Setup and Optimization + +1. Update the system: + ```bash + sudo dnf update -y + ``` + +2. Install essential packages: + ```bash + sudo dnf install -y vim tmux htop iftop iotop git wget curl + ``` + +3. Configure firewall: + ```bash + sudo systemctl enable firewalld + sudo systemctl start firewalld + sudo firewall-cmd --set-default-zone=public + sudo firewall-cmd --add-service=ssh --permanent + sudo firewall-cmd --reload + ``` + +4. Secure SSH: + Edit `/etc/ssh/sshd_config`: + ```bash + sudo vim /etc/ssh/sshd_config + ``` + Make these changes: + - Change `#PermitRootLogin yes` to `PermitRootLogin no` + - Set `PasswordAuthentication no` if using SSH keys + - Add `AllowUsers your_username` at the end of the file + + Restart SSH service: + ```bash + sudo systemctl restart sshd + ``` + +5. Set up automatic security updates: + ```bash + sudo dnf install dnf-automatic -y + sudo systemctl enable --now dnf-automatic.timer + ``` + +6. Configure NTP for accurate system time: + ```bash + sudo dnf install chrony -y + sudo systemctl enable --now chronyd + ``` + +7. 
Optimize SSD performance: + Enable TRIM support: + ```bash + sudo systemctl enable fstrim.timer + sudo systemctl start fstrim.timer + ``` + + Add `discard` option to fstab for all SSD partitions: + ```bash + sudo sed -i 's/defaults/defaults,discard/' /etc/fstab + ``` + + Optimize I/O scheduler for SSDs: + ```bash + echo 'ACTION=="add|change", KERNEL=="sd[ab]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"' | sudo tee /etc/udev/rules.d/60-schedulers.rules + ``` + +8. Optimize system performance: + Edit `/etc/sysctl.conf`: + ```bash + sudo vim /etc/sysctl.conf + ``` + Add these lines: + ``` + # Increase system file descriptor limit + fs.file-max = 100000 + + # Optimize network performance + net.core.somaxconn = 1024 + net.core.netdev_max_backlog = 5000 + net.core.rmem_max = 16777216 + net.core.wmem_max = 16777216 + net.ipv4.tcp_wmem = 4096 12582912 16777216 + net.ipv4.tcp_rmem = 4096 12582912 16777216 + net.ipv4.tcp_max_syn_backlog = 8096 + net.ipv4.tcp_slow_start_after_idle = 0 + net.ipv4.tcp_tw_reuse = 1 + ``` + Apply changes: + ```bash + sudo sysctl -p + ``` + +9. Set up fail2ban to protect against brute force attacks: + ```bash + sudo dnf install fail2ban -y + sudo systemctl enable --now fail2ban + sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local + sudo sed -i 's/bantime = 10m/bantime = 1h/' /etc/fail2ban/jail.local + sudo sed -i 's/maxretry = 5/maxretry = 3/' /etc/fail2ban/jail.local + sudo systemctl restart fail2ban + ``` + +10. Enable KVM nested virtualization for better VM performance: + ```bash + echo "options kvm-intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf + ``` + +11. 
Set up a basic backup script: + Create `/usr/local/bin/backup.sh`: + ```bash + sudo tee /usr/local/bin/backup.sh > /dev/null << EOL + #!/bin/bash + BACKUP_DIR="/data/backups" + DIRS_TO_BACKUP=("/etc" "/home" "/var/log") + + mkdir -p \$BACKUP_DIR + for dir in "\${DIRS_TO_BACKUP[@]}"; do + tar -czf \$BACKUP_DIR/\$(basename \$dir)-\$(date +%F).tar.gz \$dir + done + + # Keep only the last 7 backups + find \$BACKUP_DIR -type f -mtime +7 -delete + EOL + + sudo chmod +x /usr/local/bin/backup.sh + ``` + Set up a cron job to run it daily: + ```bash + echo "0 2 * * * /usr/local/bin/backup.sh" | sudo tee -a /etc/crontab + ``` + +12. Reboot to ensure all changes take effect: + ```bash + sudo reboot + ``` + +## 5. Verification and Management Commands + +- Display LVM information: + ```bash + sudo vgs # View Volume Groups + sudo lvs # View Logical Volumes + sudo pvs # View Physical Volumes + ``` + +- Extend a Logical Volume: + ```bash + sudo lvextend -L +10G /dev/vg_data/lv_data + sudo xfs_growfs /data + ``` + +- Create a snapshot: + ```bash + sudo lvcreate -L 5G -s -n lv_data_snapshot /dev/vg_data/lv_data + ``` + +- Merge a snapshot: + ```bash + sudo lvconvert --merge /dev/vg_data/lv_data_snapshot + ``` + +- Check disk usage: + ```bash + df -h + ``` + +- Monitor system performance: + ```bash + htop + ``` + +- View current LVM layout: + ```bash + sudo lvdisplay + sudo vgdisplay + ``` + +## 6. Next Steps and Learning Opportunities + +1. Practice creating and managing LVM snapshots on the lv_data volume. +2. Experiment with extending and reducing logical volume sizes. +3. Set up a KVM virtual machine in the /vms directory and practice VM management. +4. Learn about LVM striping and mirroring (for future multi-disk setups). +5. Explore LVM thin provisioning for efficient storage use in VM environments. + +## Conclusion + +This setup provides a robust, flexible, and optimized system for your Dell Optiplex with dual SSDs. 
The LVM configuration allows for easy management and expansion of storage. Remember to regularly update your system, monitor performance, and perform backups, especially before making significant changes to the LVM structure. + +As you become more comfortable with LVM, explore advanced features and always test in a safe environment before applying changes to critical data. + +--- + # **Complete Rocky Linux Lab Setup: Virtualization, Automation, and Networking** This guide provides a step-by-step process for setting up an advanced lab environment on Rocky Linux, including virtualization, automation, networking, security, and monitoring. It covers everything from system preparation to multi-VM setups using Vagrant and libvirt.
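Review bot: In section 4 step 11, the line appended to `/etc/crontab` (`0 2 * * * /usr/local/bin/backup.sh`) has no user field, which the system crontab format requires between the schedule and the command, so the nightly backup will not run as written; use `0 2 * * * root /usr/local/bin/backup.sh` or a file under `/etc/cron.d/`. The same script archives `/etc` and `/home` into `/data/backups` without restricting access to that directory, so set `umask 077` or `chmod 700` on it before the `tar` loop. Also, `find ... -mtime +7 -delete` removes anything older than seven days rather than keeping "the last 7 backups" as the comment says. In step 4, add `sudo sshd -t` before `systemctl restart sshd`, because `PasswordAuthentication no` combined with `AllowUsers your_username` locks out remote access if the placeholder is left in or the key is not yet installed. In step 7, `sed -i 's/defaults/defaults,discard/' /etc/fstab` touches every line containing `defaults`, including the `/vms` and `/data` entries that section 3 already wrote with `defaults,discard`; restrict the substitution to the intended XFS entries or rely on `fstrim.timer` alone. Section 3 runs `pvcreate /dev/sda` while section 1 specifies `/dev/sda1`, and section 2 step c already has the installer create the layout on both SSDs, so the guide should say which of the two paths creates `vg_data`. In section 5, `lvextend -L +10G /dev/vg_data/lv_data` has no free extents to use after `lv_data` was created with `-l 100%FREE`, and step 10's "for better VM performance" misdescribes `nested=1`, which exposes virtualization to guests rather than speeding them up.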