Update tech_docs/lab/rhcsa_lab.md

2024-09-26 15:20:46 +00:00
parent 230c33f958
commit 7866782346


@@ -1,3 +1,268 @@
# Complete Optimized LVM Setup Guide for Dell Optiplex with Dual SSDs
## System Specifications
- Device: Dell Optiplex
- CPU: Intel Core i7-4790
- RAM: 32GB
- Storage:
- Drive 1 (sda): Samsung SSD 860 PRO 512GB (476.9G usable)
- Drive 2 (sdb): PNY CS900 120GB SSD (111.8G usable)
## 1. Partition Scheme and LVM Setup
### System Drive (sdb - PNY CS900 111.8GB):
- /dev/sdb1 - 1GB - /boot (standard partition, ext4)
- /dev/sdb2 - 1GB - /boot/efi (standard partition, FAT32)
- /dev/sdb3 - Rest of sdb (~109.8GB) - LVM Physical Volume
LVM setup on sdb:
Volume Group: vg_system
Logical Volumes:
- lv_root - 30GB - /
- lv_home - 25GB - /home
- lv_var - 15GB - /var
- lv_tmp - 5GB - /tmp
- lv_swap - 16GB - swap
- lv_snap - Rest of space - Reserved for snapshots
### Data Drive (sda - Samsung 860 PRO 476.9GB):
- /dev/sda1 - Entire disk - LVM Physical Volume
LVM setup on sda:
Volume Group: vg_data
Logical Volumes:
- lv_vms - 400GB - /vms (for storing virtual machines)
- lv_data - Rest of space (~76.9GB) - /data (for additional data and LVM practice)
All filesystems will use XFS except for swap and boot partitions.
## 2. Installation Process
1. Boot from Rocky Linux installation media.
2. In the installation wizard:
a. Select language and keyboard layout.
b. Set time zone.
c. In the Installation Destination section:
- Select both SSDs.
- Choose "Custom" partitioning.
- Create partitions and LVM setup as per the scheme above.
d. Set root password and create a non-root user.
e. Begin the installation.
3. After installation completes, reboot the system.
## 3. Post-Installation LVM Setup
After first boot, set up the data drive:
```bash
sudo pvcreate /dev/sda
sudo vgcreate vg_data /dev/sda
sudo lvcreate -L 400G -n lv_vms vg_data
sudo lvcreate -l 100%FREE -n lv_data vg_data
sudo mkfs.xfs /dev/vg_data/lv_vms
sudo mkfs.xfs /dev/vg_data/lv_data
sudo mkdir /vms /data
echo "/dev/vg_data/lv_vms /vms xfs defaults,discard 0 0" | sudo tee -a /etc/fstab
echo "/dev/vg_data/lv_data /data xfs defaults,discard 0 0" | sudo tee -a /etc/fstab
sudo mount -a
```
## 4. Initial OS Setup and Optimization
1. Update the system:
```bash
sudo dnf update -y
```
2. Install essential packages:
```bash
sudo dnf install -y vim tmux htop iftop iotop git wget curl
```
3. Configure firewall:
```bash
sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --set-default-zone=public
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload
```
4. Secure SSH:
Edit `/etc/ssh/sshd_config`:
```bash
sudo vim /etc/ssh/sshd_config
```
Make these changes:
- Change `#PermitRootLogin yes` to `PermitRootLogin no`
- Set `PasswordAuthentication no` if using SSH keys
- Add `AllowUsers your_username` at the end of the file
Restart SSH service:
```bash
sudo systemctl restart sshd
```
5. Set up automatic security updates:
```bash
sudo dnf install dnf-automatic -y
sudo systemctl enable --now dnf-automatic.timer
```
6. Configure NTP for accurate system time:
```bash
sudo dnf install chrony -y
sudo systemctl enable --now chronyd
```
7. Optimize SSD performance:
Enable TRIM support:
```bash
sudo systemctl enable fstrim.timer
sudo systemctl start fstrim.timer
```
Add `discard` option to fstab for all SSD partitions:
```bash
sudo sed -i 's/defaults/defaults,discard/' /etc/fstab
```
Optimize I/O scheduler for SSDs:
```bash
echo 'ACTION=="add|change", KERNEL=="sd[ab]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"' | sudo tee /etc/udev/rules.d/60-schedulers.rules
```
8. Optimize system performance:
Edit `/etc/sysctl.conf`:
```bash
sudo vim /etc/sysctl.conf
```
Add these lines:
```
# Increase system file descriptor limit
fs.file-max = 100000
# Optimize network performance
net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_tw_reuse = 1
```
Apply changes:
```bash
sudo sysctl -p
```
9. Set up fail2ban to protect against brute force attacks:
```bash
sudo dnf install fail2ban -y
sudo systemctl enable --now fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo sed -i 's/bantime = 10m/bantime = 1h/' /etc/fail2ban/jail.local
sudo sed -i 's/maxretry = 5/maxretry = 3/' /etc/fail2ban/jail.local
sudo systemctl restart fail2ban
```
10. Enable KVM nested virtualization for better VM performance:
```bash
echo "options kvm-intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf
```
11. Set up a basic backup script:
Create `/usr/local/bin/backup.sh`:
```bash
sudo tee /usr/local/bin/backup.sh > /dev/null << EOL
#!/bin/bash
BACKUP_DIR="/data/backups"
DIRS_TO_BACKUP=("/etc" "/home" "/var/log")
mkdir -p \$BACKUP_DIR
for dir in "\${DIRS_TO_BACKUP[@]}"; do
tar -czf \$BACKUP_DIR/\$(basename \$dir)-\$(date +%F).tar.gz \$dir
done
# Keep only the last 7 backups
find \$BACKUP_DIR -type f -mtime +7 -delete
EOL
sudo chmod +x /usr/local/bin/backup.sh
```
Set up a cron job to run it daily:
```bash
echo "0 2 * * * /usr/local/bin/backup.sh" | sudo tee -a /etc/crontab
```
12. Reboot to ensure all changes take effect:
```bash
sudo reboot
```
## 5. Verification and Management Commands
- Display LVM information:
```bash
sudo vgs # View Volume Groups
sudo lvs # View Logical Volumes
sudo pvs # View Physical Volumes
```
- Extend a Logical Volume:
```bash
sudo lvextend -L +10G /dev/vg_data/lv_data
sudo xfs_growfs /data
```
- Create a snapshot:
```bash
sudo lvcreate -L 5G -s -n lv_data_snapshot /dev/vg_data/lv_data
```
- Merge a snapshot:
```bash
sudo lvconvert --merge /dev/vg_data/lv_data_snapshot
```
- Check disk usage:
```bash
df -h
```
- Monitor system performance:
```bash
htop
```
- View current LVM layout:
```bash
sudo lvdisplay
sudo vgdisplay
```
## 6. Next Steps and Learning Opportunities
1. Practice creating and managing LVM snapshots on the lv_data volume.
2. Experiment with extending and reducing logical volume sizes.
3. Set up a KVM virtual machine in the /vms directory and practice VM management.
4. Learn about LVM striping and mirroring (for future multi-disk setups).
5. Explore LVM thin provisioning for efficient storage use in VM environments.
## Conclusion
This setup provides a robust, flexible, and optimized system for your Dell Optiplex with dual SSDs. The LVM configuration allows for easy management and expansion of storage. Remember to regularly update your system, monitor performance, and perform backups, especially before making significant changes to the LVM structure.
As you become more comfortable with LVM, explore advanced features and always test in a safe environment before applying changes to critical data.
---
# **Complete Rocky Linux Lab Setup: Virtualization, Automation, and Networking** # **Complete Rocky Linux Lab Setup: Virtualization, Automation, and Networking**
This guide provides a step-by-step process for setting up an advanced lab environment on Rocky Linux, including virtualization, automation, networking, security, and monitoring. It covers everything from system preparation to multi-VM setups using Vagrant and libvirt. This guide provides a step-by-step process for setting up an advanced lab environment on Rocky Linux, including virtualization, automation, networking, security, and monitoring. It covers everything from system preparation to multi-VM setups using Vagrant and libvirt.
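Review bot: In step 11 of section 4, the entry appended to /etc/crontab has no user field, which the system crontab format requires between the schedule and the command, so the daily backup will not run as written; use `0 2 * * * root /usr/local/bin/backup.sh` or install it with `crontab -e` as root. The backup script itself writes archives of /etc and /home into /data/backups without setting a umask or file mode, and its `find -mtime +7` prunes by age rather than keeping "the last 7 backups" as its comment says. In section 3, `pvcreate /dev/sda` contradicts the partition scheme's /dev/sda1 physical volume and repeats the vg_data setup that section 2 already has the reader create in the installer, and creating lv_data with 100%FREE leaves no free extents for the 10G extend and 5G snapshot shown in section 5. In step 7, the sed over /etc/fstab rewrites every line containing "defaults", including the two /vms and /data entries that already carry `defaults,discard`, and continuous discard duplicates what fstrim.timer does; pick one. Step 4 should validate the edited config with `sudo sshd -t` and keep an existing session open before restarting sshd, since `PasswordAuthentication no` plus `AllowUsers` can lock out remote access if either is wrong.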