Friday, May 10, 2019

How to save LDOM configuration and restore from xml file

https://www.thegeekdiary.com/how-to-save-ldom-configuration-and-restore-from-xml-file/

Saving LDOM configuration

To save constraints of a single domain:
# ldm list-constraints -x ldom_name > ldom_name.xml

To save constraints of all the domains:
# ldm list-constraints -x > all_ldoms.xml

Restoring LDOM configuration

There are two ways to restore an LDOM configuration:
1. Using the ldm add-domain command and the xml file
2. Using the ldm init-system command and the xml file

Using the ldm add-domain command

Build the domain from the xml file:
# ldm add-domain -i ldom01.xml
Bind and start the LDOM:
# ldm bind ldom01
# ldm start ldom01

Using ldm init-system command

1. Restore the primary domain configuration
Ensure that the current SP configuration is factory-default. If it is not, set it to factory-default first (refer to the post here).
primary# ldm list-config | grep "factory-default"
factory-default [current]
primary# ldm init-system -r -i primary.xml
-r -> reboot after the configuration is complete
-i -> specify the xml file location
2. Restore the configuration of all domains
We can also restore the configuration of all domains at a time using ldm init-system and the xml configuration file.
# ldm init-system -r -i all_ldoms.xml
After the system reboots, bind and start all the domains.
# ldm bind ldom01
# ldm start ldom01
# ldm bind ldom02
# ldm start ldom02
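As an added example that is not part of the original post, the script below wraps the save step in a check that each XML file is a complete document before it is kept as a restore source; a redirect that fails part-way (disk full, ldm aborting after the file was opened) is the failure it catches. The ldm commands are the ones shown above; the directory layout, the use of `ldm list -p` to enumerate domain names, and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the original post): snapshot the constraints of
# every domain, one file per domain plus one for all of them, and refuse to
# keep a backup whose XML is not a complete document.
# Assumptions: the ldm command is available (Oracle VM Server for SPARC) and
# `ldm list -p` prints DOMAIN|name=<name>|... records; the directory layout and
# function names are this example's own.

# Build the backup directory path: <base>/ldom-<stamp>
backup_dir_for() {
    printf '%s/ldom-%s\n' "$1" "$2"
}

# A restore source must be a whole XML document: non-empty, starting with the
# XML declaration, and ending with the closing tag of its root element.
# Truncated output from a redirect that failed part-way fails this check.
xml_looks_complete() {
    f="$1"
    [ -s "$f" ] || return 1
    head -n 1 "$f" | grep -q '^<?xml' || return 1
    # root element name: the first tag that is not the <?xml ...?> declaration
    root=$(sed -n 's/^<\([A-Za-z_][A-Za-z0-9_:.-]*\).*/\1/p' "$f" | head -n 1) || true
    [ -n "$root" ] || return 1
    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1) || true
    [ "$last" = "</$root>" ]
}

# Enumerate domain names from the parseable listing
domain_names() {
    ldm list -p | awk -F'|' '$1 == "DOMAIN" { sub(/^name=/, "", $2); print $2 }'
}

# Save everything under $1 and verify each file; non-zero on any failure
save_all_constraints() {
    dest="$1"
    mkdir -p "$dest" || return 1
    ldm list-constraints -x > "$dest/all_ldoms.xml" || return 1
    for dom in $(domain_names); do
        ldm list-constraints -x "$dom" > "$dest/$dom.xml" || return 1
    done
    for f in "$dest"/*.xml; do
        xml_looks_complete "$f" || { echo "incomplete backup: $f" >&2; return 1; }
    done
}

# Usage on the control domain:
# save_all_constraints "$(backup_dir_for /var/backups "$(date +%Y%m%d-%H%M%S)")"
```

Run it before any change you intend to undo with ldm init-system; a backup that fails the completeness check is reported on stderr and the function returns non-zero, so a cron wrapper can alert on it.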


Wednesday, April 3, 2019

SAN Related Questions and Answers

What is SAN storage and how it works?

A Storage Area Network is a high-speed subnetwork of shared storage devices. A SAN's architecture works in a way that makes all storage devices available to all servers on a LAN or WAN. As more storage devices are added to a SAN, they too become accessible from any server in the larger network.

Zoning

In a storage area network (SAN), zoning is the allocation of resources for device load balancing and for selectively allowing access to data only to certain users. Essentially, zoning allows an administrator to control who can see what in a SAN.

Zoning is done using a structure similar to that of a computer file system. A zone is the equivalent of a folder or directory. Zoning can be either hard or soft. In hard zoning, each device is assigned to a particular zone, and this assignment does not change. In soft zoning, device assignments can be changed by the network administrator to accommodate variations in the demands on different servers in the network.

The use of zoning is said to minimize the risk of data corruption, help secure data against hackers, slow the spread of viruses and worms, and minimize the time necessary for servers to reboot. However, zoning can complicate the scaling process if the number of users and servers in a SAN increases significantly in a short period of time.

Difference between SAN and NAS

An illustration of the differences between SAN and NAS.

Storage area networks (SANs) and network attached storage (NAS) both provide networked storage solutions. A NAS is a single storage device that operates on data files, while a SAN is a local network of multiple devices.
The differences between NAS and SAN can be seen when comparing their cabling and how they're connected to the system, as well as how other devices communicate with them. However, the two are sometimes used together to form what's known as a unified SAN.

SAN vs. NAS Technology

A NAS unit includes a dedicated hardware device that connects to a local area network, usually through an Ethernet connection. This NAS server authenticates clients and manages file operations in much the same manner as traditional file servers, through well-established network protocols.
To reduce the costs that occur with traditional file servers, NAS devices generally run an embedded operating system on simplified hardware and lack peripherals like a monitor or keyboard and are instead managed through a browser tool.
A SAN commonly utilizes Fibre Channel interconnects and connects a set of storage devices that are able to share data with one another.

Important NAS and SAN Benefits

The administrator of a home or small business network can connect one NAS device to a local area network. The device itself is a network node, much like computers and other TCP/IP devices, all of which maintain their own IP address and can effectively communicate with other networked devices.
Given that the network attached storage device is attached to the network, all the other devices on that same network have easy access to it (given that proper permissions are set up). Because of their centralized nature, NAS devices offer an easy way for multiple users to access the same data, which is important in situations where users are collaborating on projects or utilizing the same company standards.
Using a software program provided with the NAS hardware, a network administrator can set up automatic or manual backups and file copies between the NAS and all the other connected devices. Therefore, a NAS device is also useful for the opposite reason: to offload local data to the network storage device's much larger storage container.
This is useful not only to ensure that users do not lose data, since the NAS can be backed up on a regular schedule regardless of the end-user's ability to back up, but also to give other network devices a place to keep large files, especially large files that are often shared among other network users.
Without a NAS, users have to find another (often slower) means to send data to other devices on the network, like over email or physically with flash drives. The NAS holds many gigabytes or terabytes of data, and administrators can add additional storage capacity to their network by installing additional NAS devices, although each NAS operates independently.
Administrators of large enterprise networks may require many terabytes of centralized file storage or extremely high-speed file transfer operations. While installing an army of many NAS devices is not a practical option, administrators can instead install a SAN containing a high-performance disk array to provide the needed scalability and performance.
However, SANs are not always physical. You can also create virtual SANs (VSANs) that are defined by a software program. Virtual SANs are easier to manage and offer better scalability since they're hardware independent and controlled entirely by easy-to-change software.



LUN Masking vs Zoning

Zoning and LUN masking are often confused with each other, probably because both are used to restrict access to storage. They should both be used to secure the storage network and reduce unnecessary traffic.

Zoning

If you want to allow only certain hosts to access a storage device, you would set up zoning. For instance, in the example below, you can see that the two servers on the right can access three of the four storage devices, whereas the two on the left can only access two of the SANs. This configuration is done on the Fibre Channel switch. iSCSI, NFS, and FCoE can also be segmented, but they would use typical TCP/IP segmentation methods such as setting up a VLAN.
There are two types of zoning techniques: hard zoning and soft zoning.
Soft zoning filters one device from seeing another device. However, if the ports are manually set up, the switch will not stop the devices from communicating. Hard zoning, by comparison, prevents one port from sending traffic to the other port and is more secure.
Zoning can also be set up based on the port or the World Wide Name (WWN). Port zoning grants access from one port on a switch to another port on a switch. This requires physical security around the Fibre Channel switch, because the zones could be changed simply by moving the cables in the switch. It also makes management harder if switches need to be moved or re-cabled. WWN zoning is set up by allowing access between two WWNs, which makes management a little easier, but it is susceptible to WWN spoofing, which could allow access to the storage device.
LUN Masking

Once the zoning is done, we can further lock down access to the storage by setting up LUN (Logical Unit Number) masking on the storage device. The storage array then hides a specific LUN it is hosting from certain devices. This is used more to keep a misbehaving server away from a LUN it does not need than as a security control.
In the example below we have taken a small subset of servers that are accessing one storage device. The array is presenting four LUNs to the server on the right side (with the red arrows) but only two LUNs to the server on the left (with the green arrows).
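To make the two layers concrete, here is an added example (not from the original post) that models zoning and LUN masking as two independent filters: a host sees a LUN only if the fabric zone lets its initiator WWN reach the target WWN and the array also masks that LUN in for it. All WWNs, zone names and the masking table are constructed for the example, and it generalizes the two-host picture above to any number of zones and hosts.

```shell
#!/bin/sh
# Added example (not from the original post): zoning and LUN masking as two
# independent access filters. A host sees a LUN only if the fabric zone lets
# its initiator WWN reach the target WWN AND the array masks that LUN in for it.
# All WWNs and tables below are constructed for the example.

# Fabric zone set: one zone per line, zone name followed by member WWNs.
ZONES='zone_app1 10:00:00:00:c9:aa:00:01 50:06:01:60:00:00:00:01
zone_app2 10:00:00:00:c9:aa:00:02 50:06:01:60:00:00:00:01 50:06:01:60:00:00:00:02'

# Array masking table: target WWN, LUN id, initiator WWN allowed to see it.
# The last row masks app1 in on target 2, but app1 is not zoned to target 2,
# so that LUN must stay invisible: masking alone is not enough.
MASKS='50:06:01:60:00:00:00:01 0 10:00:00:00:c9:aa:00:01
50:06:01:60:00:00:00:01 1 10:00:00:00:c9:aa:00:02
50:06:01:60:00:00:00:02 0 10:00:00:00:c9:aa:00:02
50:06:01:60:00:00:00:02 1 10:00:00:00:c9:aa:00:01'

# zoned INITIATOR TARGET: succeeds if both WWNs are members of one common zone
zoned() {
    printf '%s\n' "$ZONES" | awk -v i="$1" -v t="$2" '
        { si = 0; st = 0
          for (k = 2; k <= NF; k++) { if ($k == i) si = 1; if ($k == t) st = 1 }
          if (si && st) found = 1 }
        END { exit found ? 0 : 1 }'
}

# visible_luns INITIATOR: prints "target lun" for every LUN that passes both
# filters (masked in on the array, and reachable through a zone)
visible_luns() {
    printf '%s\n' "$MASKS" | while read -r target lun init; do
        [ "$init" = "$1" ] || continue
        if zoned "$1" "$target"; then printf '%s %s\n' "$target" "$lun"; fi
    done
    return 0
}

# Usage: visible_luns 10:00:00:00:c9:aa:00:01
```

Feeding a real zone database and masking export into the same two tables is a quick way to audit which hosts can reach which LUNs after a re-cabling or zone change.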

VLAN Vs Subnet

http://www.fiber-optic-transceiver-module.com/vlan-vs-subnet.html


Friday, November 23, 2018

RHCSA EXAM Questions & Answers


**********************************************
RHCSA VM configuration:
* You have been provided a virtual machine named serverX.example.com (hint: X is your domain number)
* The password for both virtual machines should be "Postroll"
* serverX.example.com is provided with IP 172.25.X.11/255.255.255.0
* serverX.example.com is provided with gateway 172.25.254.254 and the example.com DNS domain with the IP 172.25.254.254
* NOTE: I have Foundation Machine #9, so I am using 172.25.9.11
nmcli connection add con-name eth0 ifname eth0 type ethernet ip4 172.25.9.11/24 gw4 172.25.254.254
nmcli connection modify eth0 ipv4.dns 172.25.254.254
nmcli connection modify eth0 ipv4.method manual
nmcli connection modify eth0 connection.autoconnect true
nmcli connection down eth0
nmcli connection up eth0
------------------
* Set the Hostname
hostnamectl set-hostname server9.example.com

Before starting the exam:
–> ping the server-vm IP, the desktop-vm IP and classroom.example.com
–> from server-vm, ping the base machine and the server
–> check the hostname and IP address of server-vm and desktop-vm
ping 172.25.9.11
ping 172.25.9.10
ping 172.25.254.254
ping 172.25.254.9 ----> your base machine
ping example.com
* If the VM is set to multi-user.target, set it to graphical.target, but don't forget to revert it to multi-user.target afterwards
systemctl get-default --> check the running target
systemctl set-default graphical.target
–> mask the iptables service before starting the exam
systemctl mask iptables.service
systemctl mask ip6tables.service
1) Configure SELinux
The machine should be running in enforcing mode
vim /etc/selinux/config
Change this line:
SELINUX=enforcing
Don't forget to reboot so that it takes effect
2) Create a new 100MB physical partition mounted under /gluster
(Note: because partition sizes are seldom exactly what is specified when they are created, anything within the range of 70MB to 120MB is acceptable)
fdisk /dev/vdb -----> Create the partition of 100M
partx /dev/vdb
mkfs.ext4 /dev/vdb2 ------> Make a filesystem on it
mkdir -p /gluster -----> Create the directory to mount on
blkid ------> Get the UUID of it
vim /etc/fstab --------> Create the mount entry inside the fstab

UUID=c3ac5a96-80a9-44c3-b51e-9531e9ed9f08 /gluster ext4 defaults 0 0

mount -a ------> Mount it
df -hT ----> verify it is mounted
3) Create a new 150MB swap partition.
(Note: because partition sizes are seldom exactly what is specified when they are created,
anything within the range of 130MB to 170MB is acceptable)
fdisk /dev/vdb -----> Create the partition of 150M and set its type to 82 (swap)
partx /dev/vdb --- If the partition does not show up, just reboot the system; don't panic
mkswap /dev/vdb3 ---> Make the swap on the newly created partition
swapon /dev/vdb3
swapon -a

vim /etc/fstab --------> Create the mount point inside the fstab

UUID=4f3e868d-c885-4e1f-b069-d56ba443a9b6 swap swap defaults 0 0

Verify:

free -m
swapon -s
4) Configure a yum repository using http://content.example.com/rhel7.0/x86_64/dvd
vim /etc/yum.repos.d/rhcsa.repo

[localrepo]
name = Local Repo for RHCSA exam
baseurl = http://content.example.com/rhel7.0/x86_64/dvd
gpgcheck = 0
enabled = 1
Test:
yum clean all
yum list all
yum repolist
5) Create the following user, groups, and group memberships:
–> A group named sysgrp
–> A user andrew who belongs to sysgrp as a secondary group
–> A user susan who also belongs to sysgrp as a secondary group
–> A user sarah who does not have access to an interactive shell on the system and who is not a member of sysgrp
–> susan, sarah, andrew password = "Postroll"
groupadd sysgrp
useradd andrew
useradd susan
useradd -s /sbin/nologin sarah
usermod -aG sysgrp andrew
usermod -aG sysgrp susan
Verification:
# id andrew
uid=1002(andrew) gid=1003(andrew) groups=1003(andrew),1002(sysgrp)
# id susan
uid=1003(susan) gid=1004(susan) groups=1004(susan),1002(sysgrp)
# su - sarah
This account is currently not available.
6) Create a collaborative directory /redhat/sysgrp with the following characteristics:
–> Group ownership of /redhat/sysgrp is sysgrp
–> The directory should be readable, writable, and accessible to members of sysgrp,
but not to any other user.
(It is understood that root has access to all files and directories on the system.)
–> Files created in /redhat/sysgrp automatically have group ownership set to the sysgrp group
mkdir -p /redhat/sysgrp
chgrp sysgrp /redhat/sysgrp
chmod 2770 /redhat/sysgrp
Verification:
# ls -ld /redhat/sysgrp
drwxrws---. 2 root sysgrp 6 Jun 15 23:21 /redhat/sysgrp
7) Install the appropriate kernel update from http://content.example.com/rhel7.0/x86_64/errata
The following criteria must also be met:
–> The updated kernel is the default kernel when the system is rebooted.
–> The original kernel remains available and bootable on the system
vim /etc/yum.repos.d/rhcsa.repo

[kernelrepo]
name = Local Repo for Kernel
baseurl = http://content.example.com/rhel7.0/x86_64/errata
gpgcheck = 0
enabled = 1

yum repolist
Run this command before installing the kernel
uname -rms
Linux 3.10.0-123.el7.x86_64 x86_64
Install the kernel
yum install kernel
After Kernel installation, reboot the system and run this command again
# uname -rms
Linux 3.10.0-123.1.2.el7.x86_64 x86_64
8) Enable IP forwarding on your machine
vim /etc/sysctl.conf

net.ipv4.ip_forward = 1
Enable it using:
sysctl -p
9) The user andrew must configure a cron job that runs daily at 14:23 local time and executes /bin/echo hiya
yum install cronie

systemctl enable crond
systemctl start crond
crontab -eu andrew

23 14 * * * /bin/echo hiya
Verification:
crontab -lu andrew
10) Bind with the LDAP service provided by classroom.example.com for user authentication.
Note the following:
–> The LDAP search base DN is dc=example,dc=com
–> The LDAP certificate file is
http://classroom.example.com/pub/EXAMPLE-CA-CERT
–> ldapuserX should be able to log into your system, where X is your server number (hint: X is your domain number),
but will not have a home directory until you have completed the autofs requirement below. All LDAP users have the password "password".
yum install authconfig-gtk sssd krb5-workstation

# authconfig-gtk ---------------------------> Fill in the information

systemctl start sssd
systemctl enable sssd
Verification:
# getent passwd ldapuser9
ldapuser9:*:1709:1709:LDAP Test User 9:/home/guests/ldapuser9:/bin/bash

#ssh ldapuser9@localhost
11) Configure autofs to automount the home directories of LDAP users.
Note the following:
–> classroom.example.com (172.25.254.254) NFS-exports /home/guests to your system, where X is your server number.
–> LDAP userX's home directory is classroom.example.com:/home/guests/ldapuserX
–> ldapuserX's home directory should be automounted locally beneath /home as /home/guests/ldapuserX
–> home directories must be writable by their users
–> while you are able to log in as any of the users ldapuser1 through ldapuser20, the only home directory that is accessible from
your system is ldapuserX's.
Example: classroom.example.com would configure the automaster such that ldapuser100's home directory /home/guests/ldapuserX gets mounted automatically upon login. The NFS share would be classroom.example.com:/home/guests/ldapuser100
yum install autofs

vim /etc/auto.master.d/home.autofs

/home/guests /etc/auto.home

vim /etc/auto.home

ldapuser9 -rw,sync classroom.example.com:/home/guests/&

systemctl enable autofs
systemctl start autofs
Verification:
#ssh ldapuser9@localhost

[ldapuser9@server9 ~]$ df -h
Filesystem                                    Size  Used Avail Use% Mounted on
/dev/vda1                                      10G  3.4G  6.7G  34% /
devtmpfs                                      901M     0  901M   0% /dev
tmpfs                                         921M     0  921M   0% /dev/shm
tmpfs                                         921M   17M  904M   2% /run
tmpfs                                         921M     0  921M   0% /sys/fs/cgroup
/dev/vdb2                                      93M  1.6M   85M   2% /gluster
classroom.example.com:/home/guests/ldapuser9   10G  3.4G  6.7G  34% /home/guests/ldapuser9 --------> This line should be present
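The verification steps above (tasks 1, 2, 3, 8, 9 and 11) each amount to reading one file and checking for a specific uncommented entry. As an added example that is not part of the original post, the functions below do those checks from the configuration files themselves, so you can re-run them before rebooting instead of eyeballing the output. Every function takes the file to inspect as its first argument; the function names and the choice of checks are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): re-check the exam tasks from the
# configuration files. Each function takes the file to inspect as its first
# argument so it can be pointed at a live file or a saved copy. Function names
# and the set of checks are this example's own.

# Task 1: SELINUX=enforcing must be the active (uncommented) setting
selinux_enforcing() {
    grep -Eq '^[[:space:]]*SELINUX=enforcing[[:space:]]*$' "$1"
}

# Tasks 2, 3, 16: an uncommented fstab line for MOUNTPOINT of type FSTYPE,
# identified by UUID so a renumbered disk does not break boot
# usage: fstab_entry_ok FSTAB MOUNTPOINT FSTYPE   (swap entries: "swap swap")
fstab_entry_ok() {
    awk -v mp="$2" -v fs="$3" '
        !/^[[:space:]]*#/ && NF >= 4 && $1 ~ /^UUID=/ && $2 == mp && $3 == fs { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# Task 8: the last uncommented net.ipv4.ip_forward assignment must be 1
ip_forward_enabled() {
    awk -F= '
        !/^[[:space:]]*#/ { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2)
                            if ($1 == "net.ipv4.ip_forward") last = $2 }
        END { exit last == "1" ? 0 : 1 }' "$1"
}

# Task 9: a crontab line at MINUTE HOUR every day running exactly COMMAND
# usage: cron_entry_ok CRONFILE MINUTE HOUR COMMAND
cron_entry_ok() {
    awk -v m="$2" -v h="$3" -v c="$4" '
        !/^[[:space:]]*#/ && NF >= 6 {
            cmd = $6; for (i = 7; i <= NF; i++) cmd = cmd " " $i
            if ($1 == m && $2 == h && $3 == "*" && $4 == "*" && $5 == "*" && cmd == c) ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# Task 11: saved df output must show MOUNTPOINT served from SOURCE (the NFS export)
# usage: df_mounted_from DFOUTPUT MOUNTPOINT SOURCE
df_mounted_from() {
    awk -v mp="$2" -v src="$3" '$1 == src && $NF == mp { ok = 1 } END { exit ok ? 0 : 1 }' "$1"
}

# Usage on the exam VM (each prints nothing and returns 0 on success):
# selinux_enforcing /etc/selinux/config && fstab_entry_ok /etc/fstab /gluster ext4 \
#   && ip_forward_enabled /etc/sysctl.conf \
#   && cron_entry_ok /var/spool/cron/andrew 23 14 '/bin/echo hiya' \
#   && df -h > /tmp/df.txt && df_mounted_from /tmp/df.txt /home/guests/ldapuser9 \
#        classroom.example.com:/home/guests/ldapuser9
```

Note that these read the configuration, not the running state: SELINUX=enforcing in the file is only effective after the reboot the task mentions, and sysctl -p is still needed for ip_forward.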
12) Configure your system so that it is an NTP client of classroom.example.com
yum install chrony

vim /etc/chrony.conf

server classroom.example.com iburst

systemctl restart chronyd
systemctl enable chronyd
Verification:
chronyc sources -v --> to check the reach level
13) Copy the file /etc/fstab to /var/tmp.
Configure the permissions of /var/tmp/fstab so that:
the file /var/tmp/fstab is owned by the root user and belongs to the group root,
it is not executable by anyone,
the user andrew is able to read and write /var/tmp/fstab,
the user susan can neither write nor read /var/tmp/fstab,
all other users (current or future) have the ability to read /var/tmp/fstab.
cp /etc/fstab /var/tmp/
chown root:root /var/tmp/fstab
setfacl -m u:andrew:rw- /var/tmp/fstab
setfacl -m u:susan:--- /var/tmp/fstab
Verification:
getfacl /var/tmp/fstab

# su - andrew
[andrew@server9 ~]$ vim /var/tmp/fstab ----> Try to write anything to the file and it should be successful
[andrew@server9 ~]$ exit
logout

# su - susan
[susan@server9 ~]$ cat /var/tmp/fstab
cat: /var/tmp/fstab: Permission denied -----> It should show this error
[susan@server9 ~]$ exit
logout
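The su checks above test two users by hand. As an added example that is not part of the original post, the function below evaluates a POSIX ACL from getfacl output the way the kernel does (owner, then named user entry, then owning and named group entries unioned and limited by mask::, then other), so the task 13 result can be checked for any user without logging in as each one. The function name is this example's own, and the sample getfacl output in the usage note is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): evaluate a POSIX ACL from
# `getfacl` output. Order of evaluation: file owner, named user entry,
# owning/named group entries (union, then mask), other. Named-user and group
# entries are limited by mask::, the owner entry is not. Function name is this
# example's own.

# acl_effective ACLFILE USER [GROUP...]  -> prints the rwx triplet USER gets
acl_effective() {
    acl="$1"; u="$2"; shift 2
    awk -v u="$u" -v grps="$*" '
        BEGIN { split("", nu); split("", ng) }
        /^# owner:/   { owner = $3 }
        /^# group:/   { ogrp = $3 }
        /^user::/     { split($0, a, ":"); uperm = a[3] }
        /^user:[^:]/  { split($0, a, ":"); nu[a[2]] = a[3] }
        /^group::/    { split($0, a, ":"); gperm = a[3] }
        /^group:[^:]/ { split($0, a, ":"); ng[a[2]] = a[3] }
        /^mask::/     { split($0, a, ":"); mask = a[3] }
        /^other::/    { split($0, a, ":"); operm = a[3] }
        # apply mask:: bit by bit (no mask entry means no restriction)
        function masked(p,    i, r, c) {
            r = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                r = r ((c != "-" && substr(mask, i, 1) != "-") ? c : "-")
            }
            return r
        }
        # union of two rwx triplets: a bit is granted if either entry grants it
        function union(p, q,    i, r) {
            r = ""
            for (i = 1; i <= 3; i++)
                r = r (substr(p, i, 1) != "-" ? substr(p, i, 1) : substr(q, i, 1))
            return r
        }
        END {
            if (u == owner) { print uperm; exit }
            if (u in nu)    { print masked(nu[u]); exit }
            n = split(grps, g, " "); best = ""
            for (i = 1; i <= n; i++) {
                p = ""
                if (g[i] == ogrp) p = gperm
                else if (g[i] in ng) p = ng[g[i]]
                if (p != "") best = (best == "") ? p : union(best, p)
            }
            if (best != "") { print masked(best); exit }
            print operm
        }' "$acl"
}

# Usage: getfacl /var/tmp/fstab > /tmp/acl.txt
#        acl_effective /tmp/acl.txt susan $(id -Gn susan)
```

For a getfacl listing such as "user:andrew:rw-", "user:susan:---", "mask::rw-", "other::r--" (constructed here) the function prints rw- for andrew, --- for susan and r-- for any other user, which is exactly what task 13 asks for; the mask:: line is the usual surprise, since chmod on the group bits rewrites it and silently narrows the named-user entries.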
14) Resize the logical volume logical-data and its filesystem to 400MB.
Make sure that the filesystem contents remain intact.
(Note: partitions are seldom exactly the size requested, so anything within the range of 370MB to 430MB is acceptable)
df -Th -------> get the mount point of it

umount /datasource
e2fsck -f /dev/datacontainer/datacopy
resize2fs /dev/datacontainer/datacopy 400M
lvreduce -L 400M /dev/datacontainer/datacopy
mount -a
15) Add the user talusan with userid 2985
useradd -u 2985 talusan
Verification:
# id talusan
uid=2985(talusan) gid=2985(talusan) groups=2985(talusan)
Find the files owned by user julice and copy them into the /root/findresults directory.
mkdir -p /root/findresults

find / -user julice -exec cp -rfp {} /root/findresults/ \;
16) Create a new physical volume, create a new volume group named datacontainer with a VG extent size of 16.00MB,
create a new logical volume named datacopy with a size of 50 extents and a vfat filesystem, then
mount it under /datasource
fdisk /dev/vdb -----> Create the partition of 802M [(16*50) + 2] and set its type to 8e (LVM)
partx /dev/vdb --- If the partition does not show up, just reboot the system; don't panic
pvcreate /dev/vdb5
vgcreate -s 16M datacontainer /dev/vdb5
vgdisplay -----> Check the VG extent size; it should be (PE Size 16.00 MiB)
lvcreate -l 50 -n datacopy datacontainer
lvdisplay ------------> Check the number of extents; it should be (Current LE 50)
mkfs.vfat /dev/datacontainer/datacopy ------> Make a filesystem on it

mkdir -p /datasource -----> Create the directory to mount on
blkid /dev/datacontainer/datacopy -----> get the UUID of /dev/datacontainer/datacopy
vim /etc/fstab --------> Create the mount entry inside the fstab

UUID=C553-2BF5 /datasource vfat defaults 0 0

mount -a
Verification:
df -hT ----> verify it is mounted
17) Create an archive file /root/local.tgz of /usr/local, compressed with gzip.
tar -cvzf /root/local.tgz /usr/local
18) Search for the string sarah in the /etc/passwd file and save the output in /root/lines
grep sarah /etc/passwd > /root/lines

# cat lines
sarah:x:1004:1005::/home/sarah:/sbin/nologin


DevOps from Zero to Hero --> https://www.youtube.com/watch?v=Ou9j73aWgyE&list=PLdpzxOOAlwvIKMhk8WhzN1pYoJ1YU8Csa