RHCSA-EX200: Vendor Exam Problem Solving
Question-01: Manage basic networking
Configure the network with static parameters. The machine is currently configured for DHCP and must be reconfigured with the static parameters below.
IP-ADDRESS= 172.25.250.10 | 192.168.213.10/24
NETMASK= 255.255.255.0
GATEWAY= 172.25.250.254 | 192.168.213.1
Nameserver= 172.24.254.254 | 192.168.213.1
Hostname= servera.lab.example.com
Solution
Step-01: Changed the hostname of Linux Machine.
#hostnamectl set-hostname servera.lab.example.com
#hostname or hostnamectl
#cat /etc/hostname
Step-02: Create or modify the network connection profile with the following information
#nmcli connection show
#nmcli device status
#nmcli connection modify <profile_name> ipv4.addresses 172.25.250.10/24 ipv4.gateway 172.25.250.254 ipv4.dns 172.24.254.254 ipv4.method manual connection.autoconnect yes
#systemctl restart NetworkManager
#nmcli connection show <profile_name>
#cat /etc/NetworkManager/system-connections/<profile_name>.nmconnection
Step-03: Enable SSH
#vim /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
Or
#vim /etc/ssh/sshd_config.d/ex200.conf
PermitRootLogin yes
PasswordAuthentication yes
#systemctl restart sshd.service
Question-02: Installing and Updating Software Packages
• Configure your system to use this location as a default repository (public/local repo):
• http://content.example.com/rhel9.0/x86_64/rhcsa-practice/rht
• http://content.example.com/rhel9.0/x86_64/rhcsa-practice/errata
Solution:
Step-01: Create Web Repository.
#vim /etc/yum.repos.d/ex200.repo
[RHT_REPO]
name = RHELv9 Repository of RHT
enabled = 1
gpgcheck = 0
baseurl = http://content.example.com/rhel9.0/x86_64/rhcsa-practice/rht
[ERRATA_REPO]
name = RHELv9 Repository of ERRATA
enabled = 1
gpgcheck = 0
baseurl = http://content.example.com/rhel9.0/x86_64/rhcsa-practice/errata
#chmod 644 /etc/yum.repos.d/ex200.repo
#yum repolist all
#yum update
#yum upgrade
Step-02: Install RPM from Repository
#dnf install rht*
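The repository file from Step-01 can be checked for the settings that decide how much the client trusts its package source. The script below is an added example, not part of the original answer; the function name audit_repo and the temporary sample file are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: flag weak settings in a dnf/yum .repo file.
# Prints one finding per line and nothing for a clean file.
audit_repo() {
    local file="$1" mode
    mode=$(stat -c '%a' "$file") || return 2
    # If "other" may write, any local user can repoint package sources.
    if [ $(( 0$mode & 2 )) -ne 0 ]; then
        echo "file: world-writable (mode $mode)"
    fi
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (gpg == "0" || gpg == "no" || gpg == "false")
                print section ": gpgcheck disabled"
            if (url ~ /^http:\/\//)
                print section ": baseurl is plain http"
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            enabled = "1"; gpg = ""; url = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpg = val
            else if (key == "baseurl") url = val
        }
        END { report() }
    ' "$file"
}

# Constructed sample mirroring the RHT_REPO stanza above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ex200.repo" <<'EOF'
[RHT_REPO]
name = RHELv9 Repository of RHT
enabled = 1
gpgcheck = 0
baseurl = http://content.example.com/rhel9.0/x86_64/rhcsa-practice/rht
EOF
chmod 777 "$demo_dir/ex200.repo"
audit_repo "$demo_dir/ex200.repo"
rm -rf "$demo_dir"
```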
Question-02.1: How to Make Web Repository Server
- Configure the Local Repository in a Machine.
- Switch the Local Repository to Web Server Repository.
- Configure the Web Repository Server Link in the Client Machine.
Server Machine:
Step-01 - Configure the Local Repository At Server Machine
Step-02: Make Web Server Repository from Local Repository At Server Machine
Client Machine: Configure the Web Server Repository Link
Question-03: Managing Local Users and Groups
Create the following users, groups and group memberships:
• A group named sharegrp
• A user harry who belongs to sharegrp as a secondary group
• A user natasha who also belongs to sharegrp as a secondary group
• A user copper who does not have access to an interactive shell on the system and who is not a member of sharegrp.
• harry, natasha and copper should have the password redhat
Solution:
Method-01: Create New Group and New User ID
#groupadd -g 4000 sharegrp
#useradd harry -G sharegrp
#useradd natasha -G sharegrp
#useradd copper -s /sbin/nologin
#echo "redhat" | passwd --stdin harry
#echo "redhat" | passwd --stdin natasha
#echo "redhat" | passwd --stdin copper
OR
Method-02: Another way to create Users and Groups
#groupadd sharegrp
#useradd natasha
#useradd harry
#useradd copper
#usermod -aG sharegrp natasha
#usermod -aG sharegrp harry
#usermod -s /sbin/nologin copper
#passwd natasha
new password:
Retype new password:
Test: Checked the Configuration
#tail -n 10 /etc/group
#tail -n 10 /etc/shadow
#tail -n 10 /etc/gshadow
#tail -n 10 /etc/passwd
Question-04: Controlling Access to Files
Create collaborative directory /var/shares with the following characteristics:
• Group ownership of /var/shares should be sharegrp.
• The directory should be readable, writable and accessible to members of sharegrp but not to any other user. (It is understood that root has access to all files and directories on the system)
• Files created in /var/shares automatically have group ownership set to the sharegrp group.
Solution:
Step-01: Create a Directory and Changing the Group Ownership
#mkdir /var/shares
#ls -ld /var/shares
#chown :sharegrp /var/shares/
#ls -ld /var/shares/
#chmod 770 /var/shares/
#chmod 2770 /var/shares/
Or
#chmod u=rwx,g=rwx,o= /var/shares/
#chmod g+s /var/shares/
#ls -ld /var/shares/
Step-02: Checked the Configuration
#su -l harry
[harry@servera ~]$ cd /var/shares/
[harry@servera shares]$ cat >> harry.txt
Write something here.
[harry@servera shares]$ ll
Question-05: Accessing Linux File Systems
Find all lines in the file /usr/share/mime/packages/freedesktop.org.xml that contain the string ich. Put a copy of these lines in the original order in the file /root/lines.
/root/lines should contain no empty lines and all lines must be exact copies of the original lines in /usr/share/mime/packages/freedesktop.org.xml
Solution
Step-01: Copy the lines containing the string ich from one file to another
#grep ich /usr/share/mime/packages/freedesktop.org.xml > /root/lines
Or
#cat /usr/share/mime/packages/freedesktop.org.xml | grep ich > /root/lines
Step-02: Checking the Lines of file
#cat /root/lines
#cat /root/lines | more
#less /root/lines
Question-06: Accessing Linux File Systems
Find all the files owned by user natasha and redirect the output to /tmp/output.
Find all files that are larger than 5MiB in the /etc directory and copy them to /find/largedir and redirect the output to /find/largefiles
Solution
Step-01: Find Natasha’s All Files Redirect to Output File
#find / -user natasha -type f > /tmp/output
# cat /tmp/output
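Step-02: Find files larger than 5M in /etc, copy them and save the list
#mkdir -p /find/largedir
#find /etc -type f -size +5M -exec cp {} /find/largedir \;
#find /etc -type f -size +5M > /find/largefiles
#ls -l /find/largedir
#cat /find/largefiles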
Question-07: Managing Local Users and Groups
Create a user fred with a user ID 3945. Give the password as iamredhatman
Solution:
Step-01: Create User with Password
#useradd -u 3945 fred
#echo "iamredhatman" | passwd --stdin fred
Step-02: Checked the Configuration
#id fred
#less /etc/passwd
Question-08: Managing Files from the Command Line
Search the string nologin in the /etc/passwd file and save the output in /root/strings
Solution:
Step-01: Copy the lines containing nologin from /etc/passwd to /root/strings
#grep nologin /etc/passwd > /root/strings
#cat /root/strings | grep nologin
Question-09: Configuring NTP/Time Synchronization
Configure your system so that it is an NTP client of classroom.example.com
Solution
Step-01: Configure the Chronyd services for NTP Client.
#yum install chrony -y
#systemctl status chronyd.service
#chronyc sources -v
#vim /etc/chrony.conf
server classroom.example.com iburst
or
server 0.pool.ntp.org iburst
:wq!
#systemctl restart chronyd.service
#chronyc sources
Question-10: Scheduling Future Tasks
The user natasha must configure a cron job that runs daily at 14:23 local time
OR
The same cron job for user harry should run every 2 minutes and execute: /bin/echo hello
Solution
Step-01: Create a Job for Natasha user
#less /etc/crontab
#crontab -e -u natasha
23 14 * * * /bin/echo hello
:wq!
#crontab -e -u harry
*/2 * * * * /bin/echo hello
:wq!
#crontab -l -u natasha
#crontab -l -u harry
#systemctl restart crond.service
Question-11: Archiving and Transferring Files & SELinux
Create a backup file named /root/backup.tar.bz2 or /root/backup.tar.gz2. The backup file should contain the content of /usr/local and should be zipped with bzip2 or gzip2 compression format.
Furthermore, ensure SELinux is in enforcing mode. If it is not, change SELinux to enforcing mode.
Solution:
Step-01: Create bzip2 and gzip compression format
#dnf install -y bzip2
#dnf install -y gzip
#tar -cjvf /root/backup.tar.bz2 /usr/local (bzip2 format)
#tar -czvf /root/backup.tar.gz /usr/local (gzip format)
#tar -cJvf /root/backup.tar.xz /usr/local (xz format)
#tar -cvf /root/backup.tar /usr/local (tar format)
#du -h /root/backup.tar.bz2 (checked size)
#tar -tf /root/backup.tar
#cd /tmp/
[root@Servera tmp]#tar -xf /root/backup.tar [Extract file]
Step-02: SELinux Configuration
#getenforce
#vim /etc/selinux/config
SELINUX=enforcing
:wq!
#setenforce 1
Question-12: Create a Bash Script
Create a script file named find.sh. When you run this script, it finds all files from 30K to 60K in size in the /etc directory and copies those files to the /root/data directory.
Solution
Step-01: Write the sh script files
#vim find.sh
#!/bin/bash
# Destination directory
DEST_DIR="/root/data"
# Check if the destination directory exists, if not create it
if [ ! -d "$DEST_DIR" ]; then
    echo "Directory $DEST_DIR does not exist. Creating it..."
    mkdir -p "$DEST_DIR"
fi
# Find files in /etc directory with size between 30KB and 60KB and copy them to /root/data
echo "Finding and copying files from /etc directory with size between 30KB and 60KB..."
find /etc -type f -size +30k -size -60k -exec cp {} "$DEST_DIR" \;
# Confirmation message
echo "Files copied successfully to $DEST_DIR"
#chmod +x find.sh
#./find.sh
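The size tests in find.sh, and the -size +5M test in Question-06, compare sizes after rounding up to whole units, so files sitting exactly on a boundary are not selected. The script below is an added example, not part of the original answer; the function names and the sample tree are constructed for illustration, and it also lists basenames that would overwrite each other when copied flat into one directory.

```bash
#!/bin/bash
# Added example: which files do the find size tests really select?
# GNU find rounds sizes UP to whole units before comparing, so "+30k"
# means "more than 30 KiB after rounding" and "-60k" means "at most 59 KiB".

# The expression used in find.sh (paths printed relative to DIR).
match_k() {
    (cd "$1" && find . -type f -size +30k -size -60k | LC_ALL=C sort)
}

# Byte-exact alternative: 30 KiB (30720) to 60 KiB (61440) inclusive.
match_bytes() {
    (cd "$1" && find . -type f -size +30719c -size -61441c | LC_ALL=C sort)
}

# Basenames that would overwrite each other in a flat "cp {} DEST" copy.
colliding_names() {
    (cd "$1" && find . -type f -size +30k -size -60k) \
        | sed 's|.*/||' | LC_ALL=C sort | uniq -d
}

# Constructed sample tree; each file is named after its size in bytes.
make_samples() {
    local n
    mkdir -p "$1/sub"
    for n in 20000 30720 30721 60416 60417 61440 70000; do
        head -c "$n" /dev/zero > "$1/f$n"
    done
    head -c 30721 /dev/zero > "$1/sub/f30721"   # same name, other directory
}

tree=$(mktemp -d)
make_samples "$tree"
echo "find.sh expression:"; match_k "$tree"
echo "byte-exact range:";   match_bytes "$tree"
echo "name collisions:";    colliding_names "$tree"
rm -rf "$tree"
```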
Question-12.01: Create a Bash Script
Write a script mysearch to list the contents of /usr that are smaller than 10M and have the set group ID (SGID) permission. The script should be present in /usr/local/bin. After execution, the script should automatically write all the lines and save them to /root/lines.
Solution:
#vim /usr/local/bin/mysearch
#!/bin/bash
find /usr -size -10M -perm -g=s > /root/lines
:wq!
#chmod +x /usr/local/bin/mysearch
#mysearch (to run command)
#vim /root/lines (to check output)
Question-13: Managing SELinux Security
Your webcontent has been configured in port 82 at the /var/www/html directory (Don't alter or remove any files in this directory). Make the content accessible.
OR
Debug SELinux - A web server running on non-standard port 82 is having issues serving content. Debug and fix the issues.
- The web server on your system can serve all the existing HTML files from /var/www/html
- Web service should automatically start at boot time.
- Do not make any changes to these files
Solution:
Step-01: Configure the HTTP Service
# systemctl status httpd.service
# systemctl enable httpd.service
# vim /etc/httpd/conf/httpd.conf
Listen 82
# semanage port -l | grep "http"
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
# semanage port -a -t http_port_t -p tcp 82
# semanage port -l | grep "http"
http_port_t tcp 82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# firewall-cmd --permanent --add-port=82/tcp
# firewall-cmd --reload
# firewall-cmd --list-all
# systemctl restart httpd
Question-14: Set the Password expire date
The password for all new users in servera.lab.example.com should expire after 30 days.
Solution
Step-01: Check the current users' password aging
#cat /etc/login.defs | less (read only for now; the defaults are changed here in Step-02)
#chage -l <user> [see the info of an existing user]
#date -d "+30days" or date --date="+30 days"
Step-02: Change the password aging for all new users
#vim /etc/login.defs
PASS_MAX_DAYS 30
Step-03: Checked creating New user
#useradd test
#chage -l test
Step-04: For Existing Users password aging policy changed Process.
# chage -m 0 -M 30 -W 7 student
#chage -E $(date -d "+30 days" +%F) student (Account expires date set)
Question-15: Autofs Configuration by Exporting
Configure autofs to automount the home directories of user remoteuser15. Note the following:
• utility.lab.example.com (172.24.10.10), NFS-exports /netdir to your system, where user is remoteuser15
• remoteuser15’s home directory is utility.lab.example.com:/netdir/remoteuser15
• remoteuser15’s home directory should be auto mounted locally beneath /netdir as /netdir/remoteuser15
• Home directories must be writable by their users while you are able to login as any of the remoteuser15 only home directory that is accessible from your system
Solution:
Step-01: Configure the NFS Server
#dnf install nfs* nfs-utils libnfsidmap
#systemctl start/enable/status nfs-server.service
#systemctl start/enable/status rpcbind.service
#systemctl start/enable/status rpc-statd.service
#systemctl start/enable/status nfs-idmapd.service
#mkdir /netdir/remoteuser15
#chmod -R 777 /netdir/remoteuser15
[root@servera remoteuser15]#touch file{1..3}.txt
[root@servera remoteuser15]#ls -l
#vim /etc/exports
/netdir/remoteuser15 <nfs-client-ip>(rw,sync,no_root_squash)
#exportfs -rva
#firewall-cmd --permanent --add-service={nfs,mountd,rpc-bind}
#firewall-cmd --reload
#firewall-cmd --list-all
Step-02: Configure the NFS-Client Machine
#dnf install nfs-utils autofs
#systemctl start/enable/status autofs.service
#showmount -e <nfs-server-ip>
#vim /etc/auto.master.d/demo.autofs
/netdir /etc/auto.demo
#vim /etc/auto.demo
remoteuser15 -rw,soft,sync,intr <nfs-server-ip>:/netdir/remoteuser15
#ls /
#df -h
#systemctl restart autofs.service
#cd /netdir
[root@client netdir]#ll
[root@client netdir]#cd remoteuser15
[root@client remoteuser15]#ll
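The export line in Step-01 carries options that change what the client's root user can do on the server. The script below is an added example, not part of the original answer, that reads an /etc/exports style file and reports the options worth reviewing; audit_exports is a hypothetical name and the addresses in the sample are constructed.

```bash
#!/bin/bash
# Added example: flag risky options in an /etc/exports style file.
# Each line has the form:  <path> <client>(<opt>,<opt>,...) [<client>(...)]
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "" || client == "*")
                    print path ": exported to every host"
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "no_root_squash")
                        print path ": " client " keeps root privileges (no_root_squash)"
                    if (o[j] == "insecure")
                        print path ": " client " may use unprivileged source ports (insecure)"
                }
            }
        }
    ' "$1"
}

# Constructed sample: the export from Step-01 beside a squashed variant.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, 192.0.2.20 stands in for <nfs-client-ip>
/netdir/remoteuser15 192.0.2.20(rw,sync,no_root_squash)
/netdir/remoteuser15 192.0.2.20(rw,sync,root_squash)
EOF
audit_exports "$sample"
rm -f "$sample"
```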
N:B: LDAP Configuration for last number question’s answer
Question-16: Reset the Root Password of Linux
Solution:
Step-01: At the GRUB menu, select the kernel entry and press e to edit
Step-02: At the end of the linux line, append rd.break and press Ctrl+x to boot
Step-03: Run the following commands.
#mount -o remount,rw /sysroot/
#chroot /sysroot/
#passwd
(set new password for root)
#touch /.autorelabel
#exit
#exit
logout
N.B.: After completing all the steps, the system reboots and the login window opens.
Step-04: Verify by logging in to the workstation machine with the root user ID and password.
Question-17: SUDO Configuration
Configure sudo permissions for users who are members of the admin group, allowing them to use sudo without a password.
Solution:
Step-01: Create a file into the sudoers folder
#vim /etc/sudoers.d/exam
%admin ALL=(ALL) NOPASSWD: ALL (allow for all commands)
:wq!
Step-02: Verify as a user in this group
[test@servera ~]$ sudo useradd test2
Step-03: Specify Allowed Commands for Specific Group/User
Step-04: Output above this commands.
Question-18: TUNING SYSTEM PERFORMANCE
Change the current tuning profile for serverb to default profile.
Solution:
Step-01: Install Packages
#dnf install tuned
#systemctl start tuned.service
#systemctl enable tuned.service
#tuned-adm recommend
#tuned-adm profile virtual-guest
#tuned-adm active
#tuned-adm profile_info
Question-19: UMASK Configure
Set permission for user Student. User will get the permission below for file & directory when he creates new files or directory.
-rw-------
drwx------
Solution
Step-01: Edit a .bashrc file from student user
#vim .bashrc
umask 0077 (last of the lines)
:wq!
Step-02: Outcome from this command
Relevant Questions/Answers of umask:
UMASK Info: .bashrc, /etc/bashrc, /etc/login.defs, /etc/profile
Question-20: Add a Swap partition
Add an additional swap partition of 512 MiB to your system. The swap partition should automatically mount when your system boots. Do not remove or otherwise alter any existing swap partition on your system.
Solution:
Step-01: Create SWAP partition
#free -m (checking the swap partition)
#swapon --show
#fdisk -l (checked the hdd)
#fdisk /dev/nvme0n3
#partprobe
#fdisk -l
#mkswap -L newswap /dev/nvme0n3p1
#swapon -L newswap
#free -m
#vim /etc/fstab
LABEL=newswap swap swap defaults 0 0
:wq!
#swapon -a
#reboot
Question-21: Create a logical volume
Create a new logical volume according to the following requirements:
- The logical volume is named database and belongs to the datastore volume group and has a size of 50 extents.
- Logical volume in the datastore volume group should have an extent size of 16 MiB.
- Format the new logical volume with vfat filesystem. The logical volume should be mounted automatically under /mnt/database at system boot time.
Solution:
Step-01: Create Physical Volume from HDD
#fdisk -l (to see all attached physical HDD)
#fdisk /dev/sdc
#partprobe
#udevadm settle
#df -h
#fdisk -l /dev/sdc
#pvcreate /dev/sdc1
#pvs
#pvdisplay
#vgcreate -s 16M datastore /dev/sdc1
#vgs
#vgdisplay | more
#lvcreate -n database -L 800M datastore or lvcreate -n database -l 50 datastore
#lvs
#lvdisplay | less
#mkfs.vfat /dev/datastore/database
#mkdir /mnt/database
#mount -t vfat /dev/datastore/database /mnt/database
#vim /etc/fstab
/dev/datastore/database /mnt/database vfat defaults 0 0
#mount -a
#df -h
#man df
Step-02: Test Physical Volume, Volume Group and Logical Volume Status
Question-22: LVM partition resize
Resize the LVM logical volume to 850MB. The LV name is database. The partition size must be within approximately 830MB to 865MB and usable.
Solution:
[Method-01] Step-01: Extend storage Logical Volume
#lvs
#lvdisplay /dev/datastore/database
#lvextend -r -L 850M /dev/datastore/database
#lvdisplay | more
Step-02: Checked the Logical Volume Resize Status
[Method-02]: Resize the Logical Volume by lvresize command
#lvresize -L 25M /dev/vg_name/lg_name
#resize2fs /dev/mapper/vg_name-lg_name
#df -Th
Question-23: Container Image from Containerfile
Create a container image named monitor from the Containerfile at the link below:
http://fromwebserver/Containerfile . Perform all of this task as the student user.
Solution:
Step-01: Containerfile from specific url (according to the above question)
[student@hosta ~]$ podman login <exam_registry_url>
username: yourusername
password: your registry login pass
[student@hosta ~]$ mkdir demo
[student@hosta ~]$ cd demo
[student@hosta demo]$ wget http://fromwebserver/Containerfile
[student@hosta demo]$
[student@hosta demo]$ podman build -t monitor .
[student@hosta demo]$ podman images
Question-23.1: Create a container image from the provided link
- create a container image from "http://utility.example.com/container/Containerfile" name it as 'monitor' with user athena
-login to 'registry.lab.example.com' through "admin" and "redhat321" ->find it out credentials from.
Solution:
# id athena
# ssh athena@localhost
$ podman login registry.lab.example.com
Username: admin
Password: redhat321
$ wget http://utility.example.com/container/Containerfile
$ podman build -t monitor -f Containerfile . (NAME:TAG:DIR)
$ podman images localhost/monitor
$ exit
Question-24: Create a Container Image from a Registry (Optional)
Step-01: Download an Image from the registry
#podman images
#podman pull <registry_url_images>
#podman images
Step-02: Inspect the Images
#podman image inspect <images_url_from_container>
Step-03: Run & Interact with Bash Container Image file
#podman run -d --name web1 <container_image> or
podman run -d --name python38 -p 8000:8080 \
registry.access.redhat.com/ubi8/python-38 (Background running and port forwarding container)
#podman ps
#podman ps -a
#podman exec web1 ps -ax
#podman exec -it web1 bash
Step-04: Stop, Remove the Podman services
#podman ps
#podman stop <service_custom_name>
#podman ps -a
#podman rm <service_custom_name> or podman rmi <service_url>
Question-25: Create rootless container according to the following requirements.
▪ Create a container named as ‘ascii2pdf’ using the previously created container image from previous question monitor.
▪ Map the ‘/opt/files’ to container ‘/opt/incoming’
▪ Map the ‘/opt/processed’ to container ‘/opt/outgoing’
▪ Create systemd service as container-ascii2pdf.service
▪ Make service active after all server reboots
Solution:
#mkdir /opt/files /opt/processed
#chown student:student /opt/files /opt/processed
# ssh student@localhost
$ podman run -d --name ascii2pdf -v /opt/files:/opt/incoming:Z -v /opt/processed:/opt/outgoing:Z localhost/monitor:latest
$ mkdir -p ~/.config/systemd/user [mkdir -p /home/student/.config/systemd/user]
$ cd ~/.config/systemd/user
$ podman generate systemd --name ascii2pdf --new --files
$ podman stop ascii2pdf
$ podman rm ascii2pdf
$ systemctl --user daemon-reload
$ loginctl enable-linger
$ systemctl --user enable container-ascii2pdf.service --now
$ podman ps
Question-25.1: Create a rootless container, do the volume mapping asked for in the question, and run the container as a service from a normal user account. The service must be enabled so that it starts automatically after reboot.
a. Create a container named as 'ascii2pdf' using the previously created container image from previous question 'monitor'
b. Map the '/opt/processed' to container '/opt/outgoing'
c. Map the '/opt/files' to container '/opt/incoming'
d. Create systemd service as container-ascii2pdf.service
e. Make service active after all server reboots.
Solution:
# mkdir /opt/files
# chown -R athena:athena /opt/files
# mkdir /opt/processed
# chown -R athena:athena /opt/processed
# ssh athena@localhost
$ podman run -d --name ascii2pdf -v /opt/files:/opt/incoming:Z -v /opt/processed:/opt/outgoing:Z localhost/monitor
$ podman ps
$ mkdir -p /home/athena/.config/systemd/user/
$ cd ~/.config/systemd/user/
$ podman generate systemd --name ascii2pdf --files --new
$ ls -l
$ systemctl --user daemon-reload
$ systemctl --user enable container-ascii2pdf.service
$ systemctl --user start container-ascii2pdf.service
$ loginctl enable-linger athena
$ loginctl show-user athena
$ systemctl --user restart container-ascii2pdf.service
$ podman ps
Container Similar Question:
▪ Create a container named demo1 from the image named rsyslog from the image registry.
▪ The container should run as a rootless user named devops and map the local host directory /data/files to the container directory /var/log
▪ Configure the container with a systemd service named container-demo1 for the user devops.
▪ The service will start automatically across reboots without any manual intervention.
FINALLY I PUT RED HAT IN MY HEAD -