Red Hat Storage Server Administration(RH236) Training

The performance based training of Red Hat Storage Server Administration trains one how to install, configure, and maintain a cluster of Red Hat® Storage servers. To earn the certificate one need to demonstrate the ability to implement storage solutions using Red Hat Storage Server and to configure clients to use this storage. The course will also explore highly available common Internet file systems (CIFS) and network file systems (NFS) using CTDB, unified file and object storage, and geo-replication.

Audience

• Linux system administrators and storage administrators interested in, or responsible for, maintaining large storage clusters using Red Hat Storage
• Red Hat Certified System Administrator (RHCSA) certification or an equivalent level of knowledge is highly recommended

Prerequisites

• RHCSA certification or equivalent experience
• For candidates who have not earned their RHCSA, confirmation of the needed skills can be obtained by passing the online skills assessment.

Outline for this course

1.Introduction to Red Hat Storage

Understand Red Hat Storage server features and terminology.

2 .Explore the classroom environment

Gain familiarity with the classroom environment.

3. Installation

Install Red Hat Storage Server.

4 . Basic configuration

Build a Red Hat Storage server volume.

5 .Volume types

Understand different volume types.

6 .Clients

Access data on Red Hat Storage server volumes from different client types.

7. ACLs and quotas

Implement quotas and Posix access control lists.

8. Extending volumes

Grow storage volumes online.

9. IP failover

Configure IP failover using CTDB.

10.  Geo-replication

Configure geo-replication.

11. Unified file and object storage

Configure Swift object access.

12 .Troubleshooting

Perform basic troubleshooting tasks.

13 .Managing snapshots

Manage snapshots in Red Hat Storage.

14. Hadoop plugin

Learn about the Hadoop plugin configuration.

9 Useful Tips For Linux Server Security

Any serious systems can't ignore server security, especially in public Cloud. No doubt there're tons of tips and tutorials available on the Internet. Let's focus on fundamental and general best practices first.
A List Of Security Improvements I Enforce After OS Provisioning.

---

Here we use Ubuntu 16.04 for instance.

1. Keep Kernel Up-To-Date.

Certainly no blind update for prod envs. But for newly installed servers, it's usually harmless and can guarantee a higher level of security.
One common suggestion is disabling unused services. But I choose to trust my distros provider. Generally speaking, I believe they might make right choices to have what installed and enabled by default.

apt-get -y update

2. Reset Root password.

We need that to access web console of VMs. This happens when ssh doesn't work. e.g. problematic iptables rules block you, OS runs into kernel panic, or machine reboot mysteriously stucks.

root_pwd="DevOpsDennyChangeMe1"
echo "root:$root_pwd" | chpasswd

3. Hardening SSHD.

Only allow ssh by keyfile, thus hackers can't easily break-in by guessing your password. Use another ssh listening port other than 22, which can avoid annoying ssh login attempts.

# Disable ssh by password
sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' \
      /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' \
     /etc/ssh/sshd_config
grep PasswordAuthentication /etc/ssh/sshd_config

# Use another ssh port
sshd_port="2702"
sed -i "s/^Port 22/Port $sshd_port/g" /etc/ssh/sshd_config
grep "^Port " /etc/ssh/sshd_config

# Restart sshd to take effect
service ssh restart

4. Restrict Malicious Access By Firewall.

This might be the most important security improvement you shall do.

# Have a clean start with iptables
iptables -F; iptables -X
echo 'y' | ufw reset
echo 'y' | ufw enable
ufw default deny incoming
ufw default deny forward

# Allow traffic of safe ports
ufw allow 22,80,443/tcp

# Allow traffic from certain port
ufw allow 2702/tcp

# Allow traffic from trusted ip
ufw allow from 52.74.151.55

5. Add Timestamp To Command History.

It allows us to review what commands has been issued, and when.

echo export HISTTIMEFORMAT=\"%h %d %H:%M:%S \" >> /root/.bashrc

6. Generate SSH Key Pair.

Never never share the same ssh key pair across servers!

exec ssh-agent bash

# General new key pair
ssh-keygen

# Load key pair
ssh-add

7. Pay Close Attention to var/log.

Use logwatch to automate the check and analysis. It's a userful parsing perl script that analyzes and generates daily reports on your system's log activity. Major log files:

• /var/log/kern.log
• /var/log/syslog
• /var/log/ufw.log
• /var/log/auth.log
• /var/log/dpkg.log
• /var/log/aptitude
• /var/log/boot.log
• /var/log/cron.log
• /var/log/mailog

apt-get install -y logwatch

# Full check. Takes several minutes
logwatch --range ALL

# Only check log of Today
logwatch --range Today

# Check log for last week
logwatch --range "between -7 days and -1 days"

8. Run 3rd Security Check Tools.

Not everyone can or will be a security expert. Better try reliable and versatile tools. lynis is quite handy and straight-forward. Just a single bash file.

apt-get install -y lynis

# Run lynis to check security issues
lynis -c

9. Proper Backup Unrecoverable Data.

Always has plan B. As the last resort, make it's feasible to do a quick system restore in new servers.

Networking in openstack with Neutron

Neutron:

OpenStack Networking allows you to create and attach interface devices managed by other OpenStack services to networks. Plug-ins can be implemented to accommodate different networking equipment and software, providing flexibility to OpenStack architecture and deployment.

Some  Openstack  Networking  Terms:

Switches

Switches are the devices that enable packets to travel from one node to another. Switches connect hosts that belong to the same layer-2 network. Switches enable forwarding of the packet received on one port (input) to another port (output) so that they reach the desired destination node. Switches operate at layer-2 in the networking model.  


Routers

Routers are special devices that enable packets to travel from one layer-3 network to another. Routers enable communication between two nodes on different layer-3 networks that are not directly connected to each other. Routers operate at layer-3 in the networking model. They route the traffic based on the destination IP address in the packet header.

Firewall:
 
Firewalls are used to regulate traffic to and from a host or a network. A firewall can be either a specialized device connecting two networks or a software-based filtering mechanism implemented on an operating system. Firewalls are used to restrict traffic to a host based on the rules defined on the host. They can filter packets based on several criteria such as source IP address, destination IP address, port numbers, connection state, and so on. It is primarily used to protect the hosts from unauthorized access and malicious attacks. Linux-based operating systems implement firewalls through iptables.


Load balancers

Load balancers can be software-based or hardware-based devices that allow traffic to evenly be distributed across several servers. By distributing the traffic across multiple servers, it avoids overload of a single server thereby preventing a single point of failure in the product. This further improves the performance, network throughput, and response time of the servers.  .


NAT  
 
Network Address Translation (NAT) is a process for modifying the source or destination addresses in the headers of an IP packet while the packet is in transit. In general, the sender and receiver applications are not aware that the IP packets are being manipulated.

NAT is often implemented by routers, and so we will refer to the host performing NAT as a NAT router. However, in OpenStack deployments it is typically Linux servers that implement the NAT functionality, not hardware routers. These servers use the iptables software package to implement the NAT functionality.

There are multiple variations of NAT, and here we describe three kinds commonly found in OpenStack deployments.

SNAT

In Source Network Address Translation (SNAT), the NAT router modifies the IP address of the sender in IP packets. SNAT is commonly used to enable hosts with private addresses to communicate with servers on the public Internet.


DNAT

In Destination Network Address Translation (DNAT), the NAT router modifies the IP address of the destination in IP packet headers.

OpenStack uses DNAT to route packets from instances to the OpenStack metadata service. Applications running inside of instances access the OpenStack metadata service by making HTTP GET requests to a web server with IP address 169.254.169.254. In an OpenStack deployment, there is no host with this IP address. Instead, OpenStack uses DNAT to change the destination IP of these packets so they reach the network interface that a metadata service is listening on.

If anyone want to do RHCA Training, please visit - http://www.rhcatraining.com/

Virtualization facts

1 What is virtualization?

Virtualization (or virtualisation) is the creation of a virtual  version of something, such as a hardware platform, operating system, a storage device or network resources.

2 What are the benefits of virtualization?

 

Virtualization Benefits

1. It helps in saving lots of cost and allows easy maintenance.

2. It allows multiple operating systems on one virtualization platform.

3. It removes the dependency of heavy hardware to run the application.

4. It provides servers that are used for crashing of a server purpose

5. It reduces the amount of space being taken by data centres.

3 What is the purpose of a Hypervisor?

Hypervisor is a program that manages the virtual machine.
It allows multiple operating system to share single hardware resource.
Each operating system in this consists of its own defined space consisting of space, memory and processor. It is used as a controller program to control host processors and resources.

4 What is a VMware kernel?

VMWare kernel is a proprietary kernel that means that it is a registered kernel by VMWare Company and it is not based on any other kernel architecture or any other operating system.

5 Features of VMware.

VMware provides web browser Interface.

It provides easy to use wizard to configure the Settings.

It provides tools to easily create hosts and maintain it from one Place.

It provides easy maintenance of Virtual Machines.

It provides easy graphics to configure the VMWare settings for security

RHCA Training in Jaipur

RedHat Certified Architect (RHCA) - "Highest Level of Certification in RedHat Family & Biggest Ever Campaign by LinuxWorld" 

The path to Red Hat Certified Architect (RHCA) isn't as straightforward. Apart from being a Red Hat Certified Engineer (RHCE), you need to pass the following exams as well:

A Red Hat^® Certified Architect (RHCA) is a Red Hat Certified Engineer (RHCE^®) or Red Hat Certified JBoss Developer who attained Red Hat's highest level of certification by passing and keeping current five additional hands-on exams on Red Hat technologies from the respective lists below. If you pass more than five, then you achieve a higher level of RHCA. For example, if you passed six exams beyond RHCE or RHCJD you would be an RHCA Level II. This status would be reflected on the verification page.

In order to retain RHCA status, you must keep at least five credentials beyond either RHCE or RHCJD current from the respective lists on the SKILLS tab below. These need not be the same credentials you used when you first earned RHCA.

1.     Red Hat Gluster Storage Administration (RH236)
2.     Red Hat Enterprise Virtualization (RH318)
3.     Red Hat Server Hardening (RH413)
4.     JBoss Administration I (JB248)
5.     RedHat OpenStack Administration (CL210)