RHCE 7 Exam Practice with Solution Part-2 (EX 300)

7) Link Aggregation:-

--->configure your serverX and DesktopX which watches for link changes and selects on active port for data transfors.
--->ServerX should have the address as 192.168.0.100/255.255.255.0
--->DesktopX should have the address as 192.168.0.100/255.255.255.0

Solution:

[root@server7 ~]#nmcli connection show
[root@server7 ~]#nmcli connection add con-name team0 type team ifname team0 config '{"runner":{"name":"activebackup"}}'
[root@server7 ~]#teamdctl team0 state [Default is round robin here we are going to setup active backup]
[root@server7 ~]#nmcli connection modify team0 ipv4.addresses 192.168.0.100/24 ipv4.method static
[root@server7 ~]#nmcli connection down team0 ;nmcli connection up team0
[root@server7 ~]#nmcli connection add con-name team0-port1 type team-slave ifname eno33554992 master team0
[root@server7 ~]#teamdctl team0 state
[root@server7 ~]#nmcli connection add con-name team0-port2 type team-slave ifname eno50332216 master team0
[root@server7 ~]#teamdctl team0 state
[root@server7 ~]#ifdown eno33554992
[root@server7 ~]#teamdctl team0 state
[root@server7 ~]#nmcli connection up eno33554992
[root@server7 ~]#nmcli connection up team0-port1
[root@server7 ~]#teamdctl team0 state
[root@server7 ~]#nmcli connection down team0-port2
[root@server7 ~]#teamdctl team0 state
[root@server7 ~]#nmcli connection up team0-port2
[root@server7 ~]#nmcli teamdctl team0 state

Note : Do ping command ping 192.168.0.254 -t from another terminal to check status

Do the same for desktop machine also....

8) SMTP configuration

--->configure the SMTP mail service on serverX and desktopX which only reply mail from local system through station.network0.example.com
--->all outgoing mail have ther sender domain at example.com ensure that mail should not store locally.
--->Verify the mail server is woring by sender mail to a sirat user.

Solution:

[root@server7 ~]#yum install postfix
[root@server7 ~]#systemctl enable postfix
[root@server7 ~]#systemctl start postfix

--Allow smtp port into firewall---

[root@server7 ~]firewall-cmd --permanent --add-service=smtp
[root@server7 ~]firewall-cmd --reload
[root@server7 ~]firewall-cmd --list-ports
[root@server7 ~]vim /etc/postfix/main.conf

inet_interface=localhost
mydestination=
myorigin=example.com
relayhost=[station.network0.example.com]
mynetworks=127.0.0.0/8,[::1]/128
local_transport=error:local delivery disabled

[root@server7 ~]#systemctl start postfix
[root@server7 ~]#useradd sirat
[root@server7 ~]#mail -V sirat@server7.example.com   [send a test mail to sirat user]

[root@server7 ~]#tail -f /var/log/maillog [check mail status]

17) script

--->create a script on serverX called /root/random with the following details
--->when run as /root/random Postconf, should bring the output as "Postroll"
--->when run as /root/random Postroll, should bring the output as "Postconf"
--->when run with only other argument or wihout argument, should bring the stderr as
"/root/random Postconf | Postroll"

Solution:

[root@server7 ~]#vim /root/random
#!/bin/bash
case $@ in
postconf ) echo "Postroll";;
Postroll ) echo "postconf";;
         *) echo "/root/random postconf | Postroll";;
esac

[root@server7 ~]#chmod a+x /root/random

18) script 

--->create a script on serverX called /root/createusers
--->when this script is called with the test file argument, it should add all the users from the file
--->downloaded the fire from http://station.network0.example.com/pub/testfile
--->all user should have the login shell as /bin/false, passwd not required.
--->when this script is called wih anyother argument, it should print the message "Input File Not Found"
--->When this script is run without any argument, it should dissplay "Usage "/root/createuser"
Note:- If the users are added no need to delete.

Solution:

#wget http://classroom.example.com/pub/testfile

[root@server7 ~]#vim /root/createusers

#!/bin/bash
a=""
case "$@" in
testfile ) for b in `cat testfile`
do
useradd -s /bin/false $b;
done;;
$a ) echo "Usage:/root/createusers";;
* ) echo "Input file Not Found";;
esac

[root@server7 ~]#chmod a+x /root/createusers


19) Configure SCSI storage. (Target CLI)

--->create a new 1 GB iscsi_block target on your serverX.example.com
--->The server should export on iscsi disk called iqn.2014.11.com.example.serverX.
--->This target should be only be available allowd to clients with an IQN of iqn.2014.11.com.example.desktopX.

Solution:

Server-Vm
--------
[root@server7 ~]#yum install targetcli* -y
[root@server7 ~]#systemctl enable target.service
[root@server7 ~]#systemctl start target.service
[root@server7 ~]#firewall-cmd --permanent --add-port=3260/tcp
[root@server7 ~]#firewall-cmd --reload
[root@server7 ~]#fdisk /dev/vdb   [Create 1GB new partition]
:n,:p,:1,:Enter,:+1G,:w
#partprobe /dev/vdb
#cat /proc/partitions
#targetcli
>ls
>cd /backstores/block
>create block1 /dev/vdb1
>cd /iscsi
>create iqn.2014-10.com.example:serverX
>cd /iscsi/iqn.2014-10.com.example/tpg1/acls
>create iqn.2014-10.com.example:desktopX
>cd /iscsi/iqn.2014-10.com.example/tpg1/luns
>create /backstore/block/block1
>cd /iscsi/iqn.2014-10.com.example/tpg1/portals
>create 172.25.X.11/3260      ------->( server ip)
>exit


#systemctl restart target.service

20) ISCSI initiator
-The serverX.example.com provides an iscsi port (3260). connect the disk with desktopX.example.com
and configure filesystem with the following requirements,
-create 800MB partition on ISCSI blcok device and assign the filesystem as xfs.
-Mount the volume under /mnt/initiator at the system boot time.
The filesystem should contain the copy of http://classroom.example.com/pub/iscsi.txt
The file should be owned by root with 0644 permission Note: don't modify the content.

Desktop-Vm
----------
[root@server7 ~]#yum install iscsi-initiator-utils -y
[root@server7 ~]#systemctl enable iscsi.service iscsid.service
[root@server7 ~]#systemctl start iscsi.service iscsid.service

[root@server7 ~]#vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-10.com.example:desktopX

:wq

[root@server7 ~]#systemctl restart iscsi.service iscsid.service

[root@server7 ~]#systemctl start iscsi.service
[root@server7 ~]#systemctl start iscsid.service

man iscsiadm -- search with /examples and take discoverydb and login commands and modify the ipaddress.

[root@server7 ~]#iscsiadm --mode discoverydb --type sendtargets --portal 172.25.11.11 --discover
[root@server7 ~]#iscsiadm --mode node --targetname iqn.2014-06.com.example:server11 --portal 172.25.11.11:3260 --login
cat /proc/partitions
[root@server7 ~]#fdisk /dev/sdc
n,p,1,Enter,+200M,w
[root@server7 ~]#partprobe /dev/sdc
[root@server7 ~]#blkid
[root@server7 ~]#vim /etc/fstab
UUID= /media ext4 _netdev 0 0
:wq
=================

RHCE 7 Exam Practice with Solution Part-1 (EX 300)

1) configure your systems that should be running Enforcing

Solution: 
[root@server ~]# vim /etc/selinux/config

SELINUX=enforcing

[root@server ~]# reboot

after reboot check that selinux status using following command

[root@server ~]# getenforce
Enforcing

Do the same for desktop machine also....

2) configure repository
--->create a repository for your virtual machines
--->The url is http://station.network0.example.com/content/rhel7.0/x86_64/dvd
Solution:
[root@server ~]# vim /etc/yum.repos.d/server.repos
[server]
name= Siratun Jannat
baseurl= http://station.network0.example.com/content/rhel7.0/x86_64/dvd
gpgcheck= 0

[root@server ~]# yum clean all
[root@server ~]# yum repolist

Do the same for desktop machine also....


3) ssh configuration
--->configure ssh access on your virtual machines as follows
--->clients witin my22ilt.org shouldnot access to ssh on your systems

Solution: 

[root@server ~]#yum install openssh-server
[root@server ~]#systemctl start sshd
[root@server ~]#yum enable sshd
[root@server ~]#firewall-cmd --permanent --add-service=ssh
[root@server ~]#firewall-cmd --reload
[root@server ~]#firewall-config
-->Permanent
-->Rich Rule
-->add-->ipv4 (family)
 -->element -->service -->ssh
 -->action -->reject
 -->source Address-->172.16.0.0/24    --(my22ilt.org )
--> reload firewalld

Now check firewall list that rules applied or not using following command

[root@server ~]#firewall-cmd --list-all

Do the same for desktop machine also....



       
4) configure port forwarding.

--->configure serverX to forward traffic incoming on port 80/tcp from desktop to port on 5243/tcp.

Solution:

[root@server ~]#firewall-config
-->Permanent
-->Rich Rule
-->add-->ipv4 (family)
 -->element -->port-forward
 -->source-->protocol-->tcp
-->port/port Range 5243
-->Local Forwarding 22
 -->source Address-->172.16.25.0/24    --(Server IP )
--> reload firewalld

[root@server ~]# firewall-cmd --list-all

 rich rules:
        rule family="ipv4" source address="172.16.25.0/24" forward-port port="5243" protocol="tcp" to-port="22"
[root@server ~]#



5) simple command
--->create a command called qsatat on both serverX and desktopX
--->It should able to execute the following command
(ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm)
---> The command should be executable by all users

Solution:

[root@server ~]#vim /etc/bashrc
qstat()
{
ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
}
[root@server ~]#source /etc/bashrc
[root@server ~]#qstat

Do the same for desktop machine also....


6) configure ipv6 network

--->create eth0 with a static ipv6 addresses as follows
--->configure a static ipv6 address in serverX as fddb:fe2a:ab1e::c0a8:64/64
--->desktop as fddb:fe2a:ab1e::c0a8:02/64

Solution: 

--Server Machine---
[root@server ~]# nmcli connection modify eno16777736 ipv6.addresses fddb:fe2a:ab1e::c0a8:64/64 ipv6.method static connection.autoconnect yes
[root@server ~]# nmcli connection down eno16777736;nmcli connection up eno16777736
[root@server ~]#ping6 fddb:fe2a:ab1e::c0a8:64

--Desktop Machine---

[root@server ~]# nmcli connection modify eno16777736 ipv6.addresses fddb:fe2a:ab1e::c0a8:02/64 ipv6.method static connection.autoconnect yes
[root@server ~]# nmcli connection down eno16777736;nmcli connection up eno16777736
[root@server ~]#ping6 fddb:fe2a:ab1e::c0a8:02