medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3607b71f2ec51b6ca79855eace6ee92d95fd8e2c
the_information_nexus/tech_docs/lab/rhcsa_lab.md

18 KiB
Raw Blame History

Complete Optimized LVM Setup Guide for Dell Optiplex with Dual SSDs

System Specifications

  • Device: Dell Optiplex
  • CPU: Intel Core i7-4790
  • RAM: 32GB
  • Storage:
    • Drive 1 (sda): Samsung SSD 860 PRO 512GB (476.9G usable)
    • Drive 2 (sdb): PNY CS900 120GB SSD (111.8G usable)

1. Partition Scheme and LVM Setup

System Drive (sdb - PNY CS900 111.8GB):

  • /dev/sdb1 - 1GB - /boot (standard partition, ext4)
  • /dev/sdb2 - 1GB - /boot/efi (standard partition, FAT32)
  • /dev/sdb3 - Rest of sdb (~109.8GB) - LVM Physical Volume

LVM setup on sdb: Volume Group: vg_system

Logical Volumes:

  • lv_root - 30GB - /
  • lv_home - 25GB - /home
  • lv_var - 15GB - /var
  • lv_tmp - 5GB - /tmp
  • lv_swap - 16GB - swap
  • lv_snap - Rest of space - Reserved for snapshots

Data Drive (sda - Samsung 860 PRO 476.9GB):

  • /dev/sda1 - Entire disk - LVM Physical Volume

LVM setup on sda: Volume Group: vg_data

Logical Volumes:

  • lv_vms - 400GB - /vms (for storing virtual machines)
  • lv_data - Rest of space (~76.9GB) - /data (for additional data and LVM practice)

All filesystems will use XFS except for swap and boot partitions.

2. Installation Process

  1. Boot from Rocky Linux installation media.

  2. In the installation wizard: a. Select language and keyboard layout. b. Set time zone. c. In the Installation Destination section:

    • Select both SSDs.
    • Choose "Custom" partitioning.
    • Create partitions and LVM setup as per the scheme above. d. Set root password and create a non-root user. e. Begin the installation.

  3. After installation completes, reboot the system.

3. Post-Installation LVM Setup

After first boot, set up the data drive:

sudo pvcreate /dev/sda
sudo vgcreate vg_data /dev/sda
sudo lvcreate -L 400G -n lv_vms vg_data
sudo lvcreate -l 100%FREE -n lv_data vg_data
sudo mkfs.xfs /dev/vg_data/lv_vms
sudo mkfs.xfs /dev/vg_data/lv_data
sudo mkdir /vms /data
echo "/dev/vg_data/lv_vms /vms xfs defaults,discard 0 0" | sudo tee -a /etc/fstab
echo "/dev/vg_data/lv_data /data xfs defaults,discard 0 0" | sudo tee -a /etc/fstab
sudo mount -a

4. Initial OS Setup and Optimization

  1. Update the system:

    sudo dnf update -y

  2. Install essential packages:

    sudo dnf install -y vim tmux htop iftop iotop git wget curl

  3. Configure firewall:

    sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --set-default-zone=public
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

  4. Secure SSH: Edit /etc/ssh/sshd_config:

    sudo vim /etc/ssh/sshd_config

    Make these changes:

    • Change #PermitRootLogin yes to PermitRootLogin no
    • Set PasswordAuthentication no if using SSH keys
    • Add AllowUsers your_username at the end of the file

    Restart SSH service:

    sudo systemctl restart sshd

  5. Set up automatic security updates:

    sudo dnf install dnf-automatic -y
sudo systemctl enable --now dnf-automatic.timer

  6. Configure NTP for accurate system time:

    sudo dnf install chrony -y
sudo systemctl enable --now chronyd

  7. Optimize SSD performance: Enable TRIM support:

    sudo systemctl enable fstrim.timer
sudo systemctl start fstrim.timer

    Add discard option to fstab for all SSD partitions:

    sudo sed -i 's/defaults/defaults,discard/' /etc/fstab

    Optimize I/O scheduler for SSDs:

    echo 'ACTION=="add|change", KERNEL=="sd[ab]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"' | sudo tee /etc/udev/rules.d/60-schedulers.rules

  8. Optimize system performance: Edit /etc/sysctl.conf:

    sudo vim /etc/sysctl.conf

    Add these lines:

    # Increase system file descriptor limit
fs.file-max = 100000

# Optimize network performance
net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_tw_reuse = 1

    Apply changes:

    sudo sysctl -p

  9. Set up fail2ban to protect against brute force attacks:

    sudo dnf install fail2ban -y
sudo systemctl enable --now fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo sed -i 's/bantime  = 10m/bantime  = 1h/' /etc/fail2ban/jail.local
sudo sed -i 's/maxretry = 5/maxretry = 3/' /etc/fail2ban/jail.local
sudo systemctl restart fail2ban

  10. Enable KVM nested virtualization for better VM performance:

    echo "options kvm-intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf

  11. Set up a basic backup script: Create /usr/local/bin/backup.sh:

    sudo tee /usr/local/bin/backup.sh > /dev/null << EOL
#!/bin/bash
BACKUP_DIR="/data/backups"
DIRS_TO_BACKUP=("/etc" "/home" "/var/log")

mkdir -p \$BACKUP_DIR
for dir in "\${DIRS_TO_BACKUP[@]}"; do
    tar -czf \$BACKUP_DIR/\$(basename \$dir)-\$(date +%F).tar.gz \$dir
done

# Keep only the last 7 backups
find \$BACKUP_DIR -type f -mtime +7 -delete
EOL

sudo chmod +x /usr/local/bin/backup.sh

    Set up a cron job to run it daily:

    echo "0 2 * * * /usr/local/bin/backup.sh" | sudo tee -a /etc/crontab

  12. Reboot to ensure all changes take effect:

    sudo reboot

5. Verification and Management Commands

  • Display LVM information:

    sudo vgs    # View Volume Groups
sudo lvs    # View Logical Volumes
sudo pvs    # View Physical Volumes

  • Extend a Logical Volume:

    sudo lvextend -L +10G /dev/vg_data/lv_data
sudo xfs_growfs /data

  • Create a snapshot:

    sudo lvcreate -L 5G -s -n lv_data_snapshot /dev/vg_data/lv_data

  • Merge a snapshot:

    sudo lvconvert --merge /dev/vg_data/lv_data_snapshot

  • Check disk usage:

    df -h

  • Monitor system performance:

    htop

  • View current LVM layout:

    sudo lvdisplay
sudo vgdisplay

6. Next Steps and Learning Opportunities

  1. Practice creating and managing LVM snapshots on the lv_data volume.
  2. Experiment with extending and reducing logical volume sizes.
  3. Set up a KVM virtual machine in the /vms directory and practice VM management.
  4. Learn about LVM striping and mirroring (for future multi-disk setups).
  5. Explore LVM thin provisioning for efficient storage use in VM environments.

Conclusion

This setup provides a robust, flexible, and optimized system for your Dell Optiplex with dual SSDs. The LVM configuration allows for easy management and expansion of storage. Remember to regularly update your system, monitor performance, and perform backups, especially before making significant changes to the LVM structure.

As you become more comfortable with LVM, explore advanced features and always test in a safe environment before applying changes to critical data.

Complete Rocky Linux Lab Setup: Virtualization, Automation, and Networking

This guide provides a step-by-step process for setting up an advanced lab environment on Rocky Linux, including virtualization, automation, networking, security, and monitoring. It covers everything from system preparation to multi-VM setups using Vagrant and libvirt.

Step 1: System Update and Repository Configuration

Start by updating your system and configuring necessary repositories.

  1. Update the system:

    sudo dnf update -y

  2. Enable the CodeReady Builder (CRB) repository:

    sudo dnf config-manager --set-enabled crb

  3. Add the HashiCorp repository for Vagrant:

    sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

  4. Import the GPG key for security (optional but recommended):

    sudo rpm --import https://rpm.releases.hashicorp.com/gpg

  5. Refresh the package cache:

    sudo dnf makecache

Step 2: Install Required Tools

Install all necessary packages for virtualization, development, automation, and monitoring tools.

sudo dnf install -y \
  qemu-kvm \
  libvirt \
  libvirt-daemon-driver-qemu \
  libvirt-devel \
  vagrant \
  ruby-devel \
  gcc \
  ansible \
  python3 \
  python3-pip \
  bridge-utils \
  net-tools \
  wget \
  curl \
  vim \
  git \
  htop \
  iotop \
  iftop \
  firewalld \
  unzip \
  kernel-devel \
  kernel-headers

Optional: For a full development environment, install the complete "Development Tools" group:

sudo dnf groupinstall -y "Development Tools"

Step 3: Enable and Start Services

Ensure the essential services for virtualization and security are running, and update your user permissions for VM management.

  1. Enable and start libvirt:

    sudo systemctl enable --now libvirtd

  2. Enable and start firewalld:

    sudo systemctl enable --now firewalld

  3. Add your user to the libvirt group:

    sudo usermod -aG libvirt $USER

  4. Log out and log back in or run the following command to apply group membership:

    newgrp libvirt

Step 4: Install Vagrant Plugins and Python Setup

Install the vagrant-libvirt plugin and ensure Python is fully set up.

  1. Install the vagrant-libvirt plugin:

    vagrant plugin install vagrant-libvirt

  2. Ensure pip is upgraded:

    python3 -m pip install --upgrade pip

  3. Optional: Use Python virtual environments to avoid affecting system-wide packages:

    python3 -m venv ~/venv
source ~/venv/bin/activate

Step 5: Create and Run Virtual Machines

Now that everything is installed, set up and run multiple virtual machines using Vagrant.

  1. Create a Vagrant project directory and initialize:

    mkdir ~/vagrant-lab
cd ~/vagrant-lab
vagrant init generic/rocky9

  2. Modify the Vagrantfile for a multi-VM setup (web and database servers):

    Vagrant.configure("2") do |config|
  config.vm.box = "generic/rocky9"

  # Web server VM
  config.vm.define "web" do |web|
    web.vm.provider "libvirt" do |libvirt|
      libvirt.memory = 2048
      libvirt.cpus = 2
    end
    web.vm.network "private_network", ip: "192.168.56.10"
    web.vm.hostname = "webserver"
  end

  # Database server VM
  config.vm.define "db" do |db|
    db.vm.provider "libvirt" do |libvirt|
      libvirt.memory = 4096
      libvirt.cpus = 2
    end
    db.vm.network "private_network", ip: "192.168.56.11"
    db.vm.hostname = "dbserver"
  end
end

  3. Bring up the VMs:

    vagrant up --provider=libvirt

  4. SSH into the VMs:

    vagrant ssh web
vagrant ssh db

Step 6: Verify Virtualization and Networking

Ensure the virtual machines are running correctly and networked.

  1. List running virtual machines:

    sudo virsh list --all

  2. Check network interfaces:

    ip a

  3. Verify that the virbr0 bridge is active:

    ip link show virbr0

Step 7: Test Ansible and Python Setup

Verify that Ansible and Python are ready for automation tasks.

  1. Check Ansible version:

    ansible --version

  2. Test Python and pip:

    python3 --version
pip3 --version

  3. Create an Ansible inventory file for the VMs:

    [webservers]
webserver ansible_host=192.168.56.10 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/web/libvirt/private_key

[dbservers]
dbserver ansible_host=192.168.56.11 ansible_user=vagrant ansible_private_key_file=.vagrant/machines/db/libvirt/private_key

Step 8: Configure Security

Set up firewalld and SELinux to secure your environment.

  1. Allow web traffic on firewalld:

    sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload

  2. Enable SELinux for web services:

    sudo setsebool -P httpd_can_network_connect on

Additional Suggestions

  • Automate VM Provisioning: Use Ansible playbooks to install services on the VMs. For example:

    ---
- hosts: webservers
  tasks:
    - name: Install Apache
      yum:
        name: httpd
        state: present
    - name: Start Apache
      service:
        name: httpd
        state: started
        enabled: true

  • Configure Static IPs: This is useful for consistent VM addresses.

  • Resource Monitoring: Use htop, iotop, and iftop inside the VMs for CPU, disk, and network monitoring.

Summary of Key Commands

# System update and repository configuration
sudo dnf update -y
sudo dnf config-manager --set-enabled crb
sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo rpm --import https://rpm.releases.hashicorp.com/gpg
sudo dnf makecache

# Install necessary packages
sudo dnf install -y qemu-kvm libvirt libvirt-daemon-driver-qemu libvirt-devel vagrant ansible python3 python3-pip \
bridge-utils net-tools wget curl vim git htop iotop iftop firewalld unzip kernel-devel kernel-headers

# Enable and start services
sudo systemctl enable --now libvirtd
sudo systemctl enable --now firewalld
sudo usermod -aG libvirt $USER
# Log out and log back in or use `newgrp libvirt`

# Install vagrant-libvirt plugin
vagrant plugin install vagrant-libvirt

# Test Python and Ansible
python3 --version
pip3 --version
ansible --version

To focus solely on automating the base system setup for your Rocky Linux lab, we can use Ansible to ensure that all necessary tools, services, and configurations are applied efficiently. This setup will automate installing dependencies, enabling services, configuring the network, and preparing the system for future use.

Heres how you can automate the entire base system setup using Ansible:

Automating the Base System Setup with Ansible

Step 1: Create an Ansible Playbook for Base System Setup

The following playbook will handle:

  • System updates.
  • Enabling repositories.
  • Installing required packages for virtualization, development tools, and networking.
  • Enabling services like libvirt and firewalld.
  • Adding the user to the libvirt group.

Base System Setup Playbook (setup-host.yml)

---
- hosts: localhost
  become: yes
  tasks:
    # Update all packages and refresh cache
    - name: Update the system
      dnf:
        name: "*"
        state: latest
        update_cache: yes

    # Enable CodeReady Builder (CRB) repository
    - name: Enable CodeReady Builder repository
      command: dnf config-manager --set-enabled crb

    # Add HashiCorp repository for Vagrant
    - name: Add HashiCorp repository for Vagrant
      command: dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

    # Refresh dnf cache
    - name: Refresh dnf cache
      command: dnf makecache

    # Install necessary packages for virtualization, development, networking, and monitoring
    - name: Install required packages
      dnf:
        name:
          - qemu-kvm
          - libvirt
          - libvirt-daemon-driver-qemu
          - libvirt-devel
          - vagrant
          - ruby-devel
          - gcc
          - ansible
          - python3
          - python3-pip
          - bridge-utils
          - net-tools
          - wget
          - curl
          - vim
          - git
          - htop
          - iotop
          - iftop
          - firewalld
          - unzip
          - kernel-devel
          - kernel-headers
        state: present

    # Enable and start libvirt service
    - name: Enable and start libvirt service
      systemd:
        name: libvirtd
        enabled: yes
        state: started

    # Enable and start firewalld service
    - name: Enable and start firewalld service
      systemd:
        name: firewalld
        enabled: yes
        state: started

    # Add the user to the libvirt group to allow non-root VM management
    - name: Add user to libvirt group
      user:
        name: "{{ ansible_user }}"
        groups: libvirt
        append: yes

Step 2: Run the Ansible Playbook

  1. Save the playbook to a file called setup-host.yml.

  2. Run the Ansible playbook to automate the entire base system setup:

    ansible-playbook setup-host.yml

Step 3: Post-Setup Instructions

  1. Reboot the System: After running the playbook, its recommended to reboot the system to ensure all services start properly and the group changes take effect:

    sudo reboot

  2. Verify Installation: Once the system is back online, verify that all services are enabled and working:

    • Check if libvirt is running:

      systemctl status libvirtd

    • Check if firewalld is running:

      systemctl status firewalld

    • Ensure the user is added to the libvirt group:

      groups $USER

What This Playbook Does

  1. System Updates: It ensures your system is up to date and refreshes the DNF cache.
  2. Enabling Repositories: The playbook enables the CodeReady Builder (CRB) repository for development tools and adds the HashiCorp repository for Vagrant.
  3. Installing Required Packages: Installs all necessary tools for virtualization (KVM, libvirt), development (GCC, Ruby), and system monitoring (htop, iotop, iftop).
  4. Enabling Services: Automatically enables and starts key services like libvirtd (for VM management) and firewalld (for security).
  5. User Management: Adds your user to the libvirt group, allowing you to manage VMs without needing root privileges.

Conclusion

This automated base system setup ensures that your Rocky Linux environment is fully prepared for future lab deployments and VM management without manual intervention. Once the playbook is run, your system will be ready with all necessary tools and services enabled.

Let me know if you want to add any more specific features or adjustments!