RH299CourseNotesDay1

29th September 2016 at 5:12pm
RH299CourseNotes

Course textbook 1, chapter 9.

Course textbook 2, pages 63-70.

  • lsinitrd - wrapper around initial ramdisk image (looks for magic strings inside the image file to separate the first cpio archive from the second part of the image).

systemd

  • systemctl commands referencing objects or units that do not specify the '.type' suffix are assumed to be service objects, and are automatically suffixed with .service.
  • Targets are analogous to old init "runlevels".
    • telinit is analogous to systemctl isolate foo-unit.target
    • Useful targets are: multi-user.target, rescue.target and emergency.target (similar to rescue.target, but gives you the shell after the root filesystem pivot has happened).
  • Kernel argument systemd.unit=mytarget.target sets the systemd target.
    • systemctl get-default and systemctl set-default <TARGET> can be used to change the default target.
  • systemctl enable debug-shell.service
    • Provides a password-less root shell on VTY9 (Ctrl-Alt-F9) to debug the systemd boot process at boot time.
    • systemctl list-jobs
  • Additional useful arguments are: is-enabled, is-active, list-units, list-unit-files (enabled, loaded or not), --output=json, --no-legend, --no-pager, show (machine readable version of status).

Grub2 & Dracut

  • Kernel argument rd.break is analogous to the old S or single kernel argument for single user mode, in that it will dump you to a shell inside the initial ramdisk image (Dracut) environment.
    • mount -o remount,rw /sysroot - Target root filesystem is mounted read-only on /sysroot before pivot.
  • Kernel arguments selinux=0 and enforcing=0 will override /etc/sysconfig/selinux values at boot.
  • touch /.autorelabel will force default SELinux labels to be restored to core files at boot (necessary if you clobber SELinux labels by changing the root password from inside Dracut for example, as Dracut runs without SELinux).

journald

To persist journald log databases between reboots:

mkdir /var/log/journal \
  && chown root:systemd-journal /var/log/journal \
  && chmod 2755 /var/log/journal \
  && systemctl restart systemd-journald.service

firewalld

  • firewalld.service - systemd object / unit service name.
  • firewall-config
  • firewall-cmd
    • Remember to use the --permanent argument to persist the configuration change to disk, and then use firewall-cmd --reload to apply it, otherwise the change will be made to the current running configuration only.
  • firewall-offline-cmd
  • /lib/firewalld/ (and by extension due to the /usr/ symlink, /usr/lib/firewalld/)
  • /etc/firewalld/
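
A quick way to catch the --permanent mistake noted above is to compare the running configuration with the on-disk one. This script is an added example, not part of the course material; the function names and sample lists are made up for illustration, and it only looks at services and ports in the default zone.

```shell
#!/bin/sh
# Added example: report firewalld items that differ between the runtime
# configuration and the permanent (on-disk) configuration.

# Constructed sample data: http and 8080/tcp were added without --permanent.
SAMPLE_RUNTIME="dhcpv6-client ssh http 8080/tcp"
SAMPLE_PERMANENT="dhcpv6-client ssh"

# in_list ITEM LIST: succeed if ITEM is one of the space-separated words in LIST.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# drift RUNTIME PERMANENT: print one line per item found in only one list.
# Subshell body keeps 'set -f' (no globbing while word splitting) local.
drift() (
    set -f
    runtime=$(echo $1); permanent=$(echo $2)   # collapse newlines/extra spaces
    for item in $runtime; do
        in_list "$item" "$permanent" || echo "runtime-only: $item"
    done
    for item in $permanent; do
        in_list "$item" "$runtime" || echo "permanent-only: $item"
    done
)

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    # Live check against the default zone (needs sufficient privileges).
    for what in services ports; do
        drift "$(firewall-cmd --list-$what)" \
              "$(firewall-cmd --permanent --list-$what)" | sed "s/^/$what /"
    done
else
    # firewalld not available: show the result for the constructed sample.
    drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

"runtime-only" items disappear on the next reload or reboot; "permanent-only" items are on disk but not active until firewall-cmd --reload is run.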