Oracle® Linux

Administrator's Guide for Release 7

Oracle Legal Notices
Oracle Documentation License

E54669-52

June 2018


Table of Contents

Preface
I System Configuration
1 The Unbreakable Linux Network
1.1 About the Unbreakable Linux Network
1.2 About ULN Channels
1.3 About Software Errata
1.4 Registering as a ULN User
1.5 Registering an Oracle Linux 7 System
1.6 Disabling Package Updates
1.7 Subscribing Your System to ULN Channels
1.8 Browsing and Downloading Errata Packages
1.9 Downloading Available Errata for a System
1.10 Updating System Details
1.11 Deleting a System
1.12 About CSI Administration
1.12.1 Becoming a CSI Administrator
1.12.2 Listing Active CSIs and Transferring Their Registered Servers
1.12.3 Listing Expired CSIs and Transferring Their Registered Servers
1.12.4 Removing a CSI Administrator
1.13 Installing Java SE on Oracle Linux from ULN
1.14 Switching from RHN to ULN
1.15 For More Information About ULN
2 Yum
2.1 About Yum
2.2 Yum Configuration
2.2.1 Configuring Use of a Proxy Server
2.2.2 Yum Repository Configuration
2.3 Downloading the Oracle Linux Yum Server Repository Files
2.4 Using Yum from the Command Line
2.5 Yum Groups
2.6 Using the Yum Security Plugin
2.7 Switching CentOS or Scientific Linux Systems to Use the Oracle Linux Yum Server
2.8 Creating and Using a Local ULN Mirror
2.9 Creating a Local Yum Repository Using an ISO Image
2.10 Setting up a Local Yum Server Using an ISO Image
2.11 For More Information About Yum
3 Ksplice Uptrack
3.1 About Ksplice Uptrack
3.1.1 Supported Kernels
3.2 Registering to Use Ksplice Uptrack
3.3 Installing Ksplice Uptrack
3.4 Configuring Ksplice Uptrack
3.5 Managing Ksplice Updates
3.6 Patching and Updating Your System
3.7 Removing the Ksplice Uptrack software
3.8 About Ksplice Offline Client
3.8.1 Modifying a Local Yum Server to Act as a Ksplice Mirror
3.8.2 Configuring Ksplice Offline Clients
3.9 For More Information About Ksplice Uptrack
4 Boot and Service Configuration
4.1 About systemd
4.2 About the Boot Process
4.3 About the GRUB 2 Boot Loader
4.4 Kernel Boot Parameters
4.5 Modifying Kernel Boot Parameters Before Booting
4.6 Modifying Kernel Boot Parameters in GRUB 2
4.7 About System-State Targets
4.7.1 Displaying the Default and Active System-State Targets
4.7.2 Changing the Default and Active System-State Targets
4.7.3 Shutting Down, Suspending, or Rebooting the System
4.7.4 Starting and Stopping Services
4.7.5 Enabling and Disabling Services
4.7.6 Displaying the Status of Services
4.7.7 Controlling Access to System Resources
4.7.8 Modifying systemd Configuration Files
4.7.9 Running systemctl on a Remote System
5 System Configuration Settings
5.1 About /etc/sysconfig Files
5.2 About the /proc Virtual File System
5.2.1 Virtual Files and Directories Under /proc
5.2.2 Changing Kernel Parameters
5.2.3 Parameters that Control System Performance
5.2.4 Parameters that Control Kernel Panics
5.3 About the /sys Virtual File System
5.3.1 Virtual Directories Under /sys
6 Kernel Modules
6.1 About Kernel Modules
6.2 Listing Information about Loaded Modules
6.3 Loading and Unloading Modules
6.4 About Module Parameters
6.5 Specifying Modules to be Loaded at Boot Time
6.6 Weak Update Modules
7 Device Management
7.1 About Device Files
7.2 About the Udev Device Manager
7.3 About Udev Rules
7.4 Querying Udev and Sysfs
7.5 Modifying Udev Rules
8 Task Management
8.1 About Automating Tasks
8.2 Configuring cron Jobs
8.2.1 Controlling Access to Running cron Jobs
8.3 Configuring anacron Jobs
8.4 Running One-time Tasks
8.4.1 Changing the Behavior of Batch Jobs
9 System Monitoring and Tuning
9.1 About sosreport
9.1.1 Configuring and Using sosreport
9.2 About System Performance Tuning
9.2.1 About Performance Problems
9.2.2 Monitoring Usage of System Resources
9.2.3 Using the Graphical System Monitor
9.2.4 About OSWatcher Black Box
10 System Dump Analysis
10.1 About Kdump
10.1.1 Configuring and Using Kdump
10.1.2 Files Used by Kdump
10.1.3 Using Kdump with OCFS2
10.2 Using the crash Debugger
10.2.1 Installing the crash Packages
10.2.2 Running crash
10.2.3 Kernel Data Structure Analysis Commands
10.2.4 System State Commands
10.2.5 Helper Commands
10.2.6 Session Control Commands
10.2.7 Guidelines for Examining a Dump File
II Networking and Network Services
11 Network Configuration
11.1 About Network Interfaces
11.2 About Network Interface Names
11.3 About Network Configuration Files
11.3.1 /etc/hosts
11.3.2 /etc/nsswitch.conf
11.3.3 /etc/resolv.conf
11.3.4 /etc/sysconfig/network
11.4 Command-line Network Configuration Interfaces
11.5 Configuring Network Interfaces Using Graphical Interfaces
11.6 About Network Interface Bonding
11.6.1 Configuring Network Interface Bonding
11.7 About Network Interface Teaming
11.7.1 Configuring Network Interface Teaming
11.7.2 Adding Ports to and Removing Ports from a Team
11.7.3 Changing the Configuration of a Port in a Team
11.7.4 Removing a Team
11.7.5 Displaying Information About Teams
11.8 Configuring VLANs with Untagged Data Frames
11.8.1 Using the ip Command to Create VLAN Devices
11.9 Configuring Network Routing
12 Network Address Configuration
12.1 About the Dynamic Host Configuration Protocol
12.2 Configuring a DHCP Server
12.3 Configuring a DHCP Client
12.4 About Network Address Translation
13 Name Service Configuration
13.1 About DNS and BIND
13.2 About Types of Name Servers
13.3 About DNS Configuration Files
13.3.1 /etc/named.conf
13.3.2 About Resource Records in Zone Files
13.3.3 About Resource Records for Reverse-name Resolution
13.4 Configuring a Name Server
13.5 Administering the Name Service
13.6 Performing DNS Lookups
14 Network Time Configuration
14.1 About the chronyd Daemon
14.1.1 Configuring the chronyd Service
14.2 About the NTP Daemon
14.2.1 Configuring the ntpd Service
14.3 About PTP
14.3.1 Configuring the PTP Service
14.3.2 Using PTP as a Time Source for NTP
15 Web Service Configuration
15.1 About the Apache HTTP Server
15.2 Installing the Apache HTTP Server
15.3 Configuring the Apache HTTP Server
15.4 Testing the Apache HTTP Server
15.5 Configuring Apache Containers
15.5.1 About Nested Containers
15.6 Configuring Apache Virtual Hosts
16 Email Service Configuration
16.1 About Email Programs
16.2 About Email Protocols
16.2.1 About SMTP
16.2.2 About POP and IMAP
16.3 About the Postfix SMTP Server
16.4 About the Sendmail SMTP Server
16.4.1 About Sendmail Configuration Files
16.5 Forwarding Email
16.6 Configuring a Sendmail Client
17 High Availability Configuration
17.1 About Oracle Linux high availability services
17.2 Installing Pacemaker and Corosync
17.3 Configuring Your First Cluster and Service
17.4 Fencing Configuration
17.5 More Information
18 Load Balancing Configuration
18.1 About HAProxy
18.2 Installing and Configuring HAProxy
18.2.1 About the HAProxy Configuration File
18.3 Configuring Simple Load Balancing Using HAProxy
18.3.1 Configuring HAProxy for Session Persistence
18.4 About Keepalived
18.5 Installing and Configuring Keepalived
18.5.1 About the Keepalived Configuration File
18.6 Configuring Simple Virtual IP Address Failover Using Keepalived
18.7 Configuring Load Balancing Using Keepalived in NAT Mode
18.7.1 Configuring Firewall Rules for Keepalived NAT-Mode Load Balancing
18.7.2 Configuring Back-End Server Routing for Keepalived NAT-Mode Load Balancing
18.8 Configuring Load Balancing Using Keepalived in DR Mode
18.8.1 Configuring Firewall Rules for Keepalived DR-Mode Load Balancing
18.8.2 Configuring the Back-End Servers for Keepalived DR-Mode Load Balancing
18.9 Configuring Keepalived for Session Persistence and Firewall Marks
18.10 Making HAProxy Highly Available Using Keepalived
18.11 About Keepalived Notification and Tracking Scripts
18.12 Making HAProxy Highly Available Using Oracle Clusterware
19 VNC Service Configuration
19.1 About VNC
19.2 Configuring a VNC Server
19.3 Connecting to VNC Desktop
III Storage and File Systems
20 Storage Management
20.1 About Disk Partitions
20.1.1 Managing Partition Tables Using fdisk
20.1.2 Managing Partition Tables Using parted
20.1.3 Mapping Partition Tables to Devices
20.2 About Swap Space
20.2.1 Viewing Swap Space Usage
20.2.2 Creating and Using a Swap File
20.2.3 Creating and Using a Swap Partition
20.2.4 Removing a Swap File or Swap Partition
20.3 About Logical Volume Manager
20.3.1 Initializing and Managing Physical Volumes
20.3.2 Creating and Managing Volume Groups
20.3.3 Creating and Managing Logical Volumes
20.3.4 Creating Logical Volume Snapshots
20.3.5 Creating and Managing Thinly-Provisioned Logical Volumes
20.3.6 Using snapper with Thinly-Provisioned Logical Volumes
20.4 About Software RAID
20.4.1 Creating Software RAID Devices
20.5 Creating Encrypted Block Devices
20.6 SSD Configuration Recommendations for Btrfs, ext4, and Swap
20.7 About Linux-IO Storage Configuration
20.7.1 Configuring an iSCSI Target
20.7.2 Restoring a Saved Configuration for an iSCSI target
20.7.3 Configuring an iSCSI Initiator
20.7.4 Updating the Discovery Database
20.8 About Device Multipathing
20.8.1 Configuring Multipathing
21 File System Administration
21.1 Making File Systems
21.2 Mounting File Systems
21.2.1 About Mount Options
21.3 About the File System Mount Table
21.4 Configuring the Automounter
21.5 Mounting a File Containing a File System Image
21.6 Creating a File System on a File
21.7 Checking and Repairing a File System
21.7.1 Changing the Frequency of File System Checking
21.8 About Access Control Lists
21.8.1 Configuring ACL Support
21.8.2 Setting and Displaying ACLs
21.9 About Disk Quotas
21.9.1 Enabling Disk Quotas on File Systems
21.9.2 Assigning Disk Quotas to Users and Groups
21.9.3 Setting the Grace Period
21.9.4 Displaying Disk Quotas
21.9.5 Enabling and Disabling Disk Quotas
21.9.6 Reporting on Disk Quota Usage
21.9.7 Maintaining the Accuracy of Disk Quota Reporting
22 Local File System Administration
22.1 About Local File Systems
22.2 About the Btrfs File System
22.3 Creating a Btrfs File System
22.4 Modifying a Btrfs File System
22.5 Compressing and Defragmenting a Btrfs File System
22.6 Resizing a Btrfs File System
22.7 Creating Subvolumes and Snapshots
22.7.1 Using snapper with Btrfs Subvolumes
22.7.2 Cloning Virtual Machine Images and Linux Containers
22.8 Using the Send/Receive Feature
22.8.1 Using Send/Receive to Implement Incremental Backups
22.9 Using Quota Groups
22.10 Replacing Devices on a Live File System
22.11 Creating Snapshots of Files
22.12 Converting an Ext2, Ext3, or Ext4 File System to a Btrfs File System
22.12.1 Converting a Non-root File System
22.13 About the Btrfs root File System
22.13.1 Creating Snapshots of the root File System
22.13.2 Mounting Alternate Snapshots as the root File System
22.13.3 Deleting Snapshots of the root File System
22.14 Converting a Non-root Ext2 File System to Ext3
22.15 Converting a root Ext2 File System to Ext3
22.16 Creating a Local OCFS2 File System
22.17 About the XFS File System
22.17.1 About External XFS Journals
22.17.2 About XFS Write Barriers
22.17.3 About Lazy Counters
22.18 Installing the XFS Packages
22.19 Creating an XFS File System
22.20 Modifying an XFS File System
22.21 Growing an XFS File System
22.22 Freezing and Unfreezing an XFS File System
22.23 Setting Quotas on an XFS File System
22.23.1 Setting Project Quotas
22.24 Backing up and Restoring XFS File Systems
22.25 Defragmenting an XFS File System
22.26 Checking and Repairing an XFS File System
23 Shared File System Administration
23.1 About Shared File Systems
23.2 About NFS
23.2.1 Configuring an NFS Server
23.2.2 Mounting an NFS File System
23.3 About Samba
23.3.1 Configuring a Samba Server
23.3.2 About Samba Configuration for Windows Workgroups and Domains
23.3.3 Accessing Samba Shares from a Windows Client
23.3.4 Accessing Samba Shares from an Oracle Linux Client
24 Oracle Cluster File System Version 2
24.1 About OCFS2
24.2 Installing and Configuring OCFS2
24.2.1 Preparing a Cluster for OCFS2
24.2.2 Configuring the Firewall
24.2.3 Configuring the Cluster Software
24.2.4 Creating the Configuration File for the Cluster Stack
24.2.5 Configuring the Cluster Stack
24.2.6 Configuring the Kernel for Cluster Operation
24.2.7 Starting and Stopping the Cluster Stack
24.2.8 Creating OCFS2 volumes
24.2.9 Mounting OCFS2 Volumes
24.2.10 Querying and Changing Volume Parameters
24.3 Troubleshooting OCFS2
24.3.1 Recommended Tools for Debugging
24.3.2 Mounting the debugfs File System
24.3.3 Configuring OCFS2 Tracing
24.3.4 Debugging File System Locks
24.3.5 Configuring the Behavior of Fenced Nodes
24.4 Use Cases for OCFS2
24.4.1 Load Balancing
24.4.2 Oracle Real Application Cluster (RAC)
24.4.3 Oracle Databases
24.5 For More Information About OCFS2
IV Authentication and Security
25 Authentication Configuration
25.1 About Authentication
25.2 About Local Oracle Linux Authentication
25.2.1 Configuring Local Access
25.2.2 Configuring Fingerprint Reader Authentication
25.2.3 Configuring Smart Card Authentication
25.3 About IPA Authentication
25.3.1 Configuring IPA Authentication
25.4 About LDAP Authentication
25.4.1 About LDAP Data Interchange Format
25.4.2 Configuring an LDAP Server
25.4.3 Replacing the Default Certificates
25.4.4 Creating and Distributing Self-signed CA Certificates
25.4.5 Initializing an Organization in LDAP
25.4.6 Adding an Automount Map to LDAP
25.4.7 Adding a Group to LDAP
25.4.8 Adding a User to LDAP
25.4.9 Adding Users to a Group in LDAP
25.4.10 Enabling LDAP Authentication
25.5 About NIS Authentication
25.5.1 About NIS Maps
25.5.2 Configuring an NIS Server
25.5.3 Adding User Accounts to NIS
25.5.4 Enabling NIS Authentication
25.6 About Kerberos Authentication
25.6.1 Configuring a Kerberos Server
25.6.2 Configuring a Kerberos Client
25.6.3 Enabling Kerberos Authentication
25.7 About Pluggable Authentication Modules
25.8 About the System Security Services Daemon
25.8.1 Configuring an SSSD Server
25.9 About Winbind Authentication
25.9.1 Enabling Winbind Authentication
26 Local Account Configuration
26.1 About User and Group Configuration
26.2 Changing Default Settings for User Accounts
26.3 Creating User Accounts
26.3.1 About umask and the setgid and Restricted Deletion Bits
26.4 Locking an Account
26.5 Modifying or Deleting User Accounts
26.6 Creating Groups
26.7 Modifying or Deleting Groups
26.8 Configuring Password Ageing
26.9 Granting sudo Access to Users
27 System Security Administration
27.1 About System Security
27.2 Configuring and Using SELinux
27.2.1 About SELinux Administration
27.2.2 About SELinux Modes
27.2.3 Setting SELinux Modes
27.2.4 About SELinux Policies
27.2.5 About SELinux Context
27.2.6 About SELinux Users
27.2.7 Troubleshooting Access-Denial Messages
27.3 About Packet-filtering Firewalls
27.3.1 Controlling the firewalld Firewall Service
27.3.2 Controlling the iptables Firewall Service
27.4 About TCP Wrappers
27.5 About chroot Jails
27.5.1 Running DNS and FTP Services in a Chroot Jail
27.5.2 Creating a Chroot Jail
27.5.3 Using a Chroot Jail
27.6 About Auditing
27.7 About System Logging
27.7.1 Configuring Logwatch
27.8 About Process Accounting
27.9 Security Guidelines
27.9.1 Minimizing the Software Footprint
27.9.2 Configuring System Logging
27.9.3 Disabling Core Dumps
27.9.4 Minimizing Active Services
27.9.5 Locking Down Network Services
27.9.6 Configuring a Packet-filtering Firewall
27.9.7 Configuring TCP Wrappers
27.9.8 Configuring Kernel Parameters
27.9.9 Restricting Access to SSH Connections
27.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
27.9.11 Checking User Accounts and Privileges
28 OpenSSH Configuration
28.1 About OpenSSH
28.2 OpenSSH Configuration Files
28.2.1 OpenSSH User Configuration Files
28.3 Configuring an OpenSSH Server
28.4 Installing the OpenSSH Client Packages
28.5 Using the OpenSSH Utilities
28.5.1 Using ssh to Connect to Another System
28.5.2 Using scp and sftp to Copy Files Between Systems
28.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
28.5.4 Enabling Remote System Access Without Requiring a Password
V Virtualization
29 Linux Containers
29.1 About Linux Containers
29.1.1 Supported Oracle Linux Container Versions
29.2 Configuring Operating System Containers
29.2.1 Installing and Configuring the Software
29.2.2 Setting up the File System for the Containers
29.2.3 Creating and Starting a Container
29.2.4 About the lxc-oracle Template Script
29.2.5 About Veth and Macvlan
29.2.6 Modifying a Container to Use Macvlan
29.3 Logging in to Containers
29.4 Creating Additional Containers
29.5 Monitoring and Shutting Down Containers
29.6 Starting a Command Inside a Running Container
29.7 Controlling Container Resources
29.8 Configuring ulimit Settings for an Oracle Linux Container
29.9 Configuring Kernel Parameter Settings for Oracle Linux Containers
29.10 Deleting Containers
29.11 Running Application Containers
29.12 For More Information About Linux Containers
30 Using KVM with Oracle Linux
30.1 Installing Virtualization Packages
30.1.1 Virtualization Packages
30.1.2 Virtualization Package Yum Repositories and ULN Channels
30.1.3 Installing Virtualization Packages During System Installation
30.1.4 Installing Virtualization Packages on an Existing System
30.1.5 Upgrading Virtualization Packages
30.1.6 Checking the Libvirt Daemon Status
30.2 Oracle VirtIO Drivers for Microsoft Windows
30.2.1 Supported Releases, Operating Systems, and Configuration Limits
30.2.2 Installing the Oracle VirtIO Drivers for Microsoft Windows
30.2.3 Upgrading the Oracle VirtIO Drivers for Microsoft Windows
30.2.4 Silently Installing or Upgrading the Oracle VirtIO Drivers for Microsoft Windows
30.2.5 Uninstalling the Oracle VirtIO Drivers for Microsoft Windows
30.2.6 Known Limitations and Workarounds