Oracle® Linux 7

Administrator's Guide

Oracle Legal Notices
Oracle Documentation License


April 2020

Table of Contents

I System Configuration
1 Yum
1.1 About Yum
1.2 About ULN
1.3 Yum Configuration
1.3.1 Configuring Use of a Proxy Server
1.3.2 Yum Repository Configuration
1.3.3 Downloading the Oracle Linux Yum Server Repository Files
1.3.4 Using Yum on Oracle Cloud Infrastructure Systems
1.3.5 Using Yum Utilities to Manage Configuration
1.4 Using Yum from the Command Line
1.5 Yum Groups
1.6 Using the Yum Security Plugin
1.7 Switching CentOS or Scientific Linux Systems to Use the Oracle Linux Yum Server
1.8 Creating and Using a Local ULN Mirror
1.9 Creating a Local Yum Repository Using an ISO Image
1.10 Setting up a Local Yum Server Using an ISO Image
1.11 Using the yum-cron Interface to Automatically Keep Your System Up To Date
1.12 For More Information About Yum
2 Ksplice
2.1 Overview of Oracle Ksplice
2.1.1 Supported Kernels
2.1.2 About Ksplice Updates
2.1.3 Patching and Updating Your System
2.2 About the Ksplice Client Software
2.2.1 About the Ksplice Enhanced Client
2.2.2 About the Ksplice Uptrack Client
2.3 Choosing a Ksplice Client
2.4 Preparing to Use Oracle Ksplice
3 Boot and Service Configuration
3.1 About systemd
3.2 About the Boot Process
3.3 Working With the GRUB 2 Bootloader
3.3.1 Customizing GRUB 2 Configuration
3.3.2 Using the GRUB 2 Bootloader to Set the Default Boot Kernel
3.4 Kernel Boot Parameters
3.5 Modifying Kernel Boot Parameters Before Booting
3.6 Modifying Kernel Boot Parameters in GRUB 2
3.7 About System-State Targets
3.7.1 Displaying the Default and Active System-State Targets
3.7.2 Changing the Default and Active System-State Targets
3.7.3 Shutting Down, Suspending, or Rebooting the System
3.7.4 Starting and Stopping Services
3.7.5 Enabling and Disabling Services
3.7.6 Displaying the Status of Services
3.7.7 Controlling Access to System Resources
3.7.8 Modifying systemd Configuration Files
3.7.9 Running systemctl on a Remote System
4 System Configuration Settings
4.1 About /etc/sysconfig Files
4.2 About the /proc Virtual File System
4.2.1 Virtual Files and Directories Under /proc
4.2.2 Changing Kernel Parameters
4.2.3 Parameters that Control System Performance
4.2.4 Parameters that Control Kernel Panics
4.3 About the /sys Virtual File System
4.3.1 Virtual Directories Under /sys
4.4 System Date and Time Settings
5 Kernel Modules
5.1 About Kernel Modules
5.2 Listing Information about Loaded Modules
5.3 Loading and Unloading Modules
5.4 About Module Parameters
5.5 Specifying Modules to be Loaded at Boot Time
5.6 Weak Update Modules
6 Device Management
6.1 About Device Files
6.2 About the Udev Device Manager
6.3 About Udev Rules
6.4 Querying Udev and Sysfs
6.5 Modifying Udev Rules
7 Task Management
7.1 About Automating Tasks
7.2 Configuring cron Jobs
7.2.1 Controlling Access to Running cron Jobs
7.3 Configuring anacron Jobs
7.4 Running One-time Tasks
7.4.1 Changing the Behavior of Batch Jobs
8 System Monitoring and Tuning
8.1 About sosreport
8.1.1 Configuring and Using sosreport
8.2 About System Performance Tuning
8.2.1 About Performance Problems
8.2.2 Monitoring Usage of System Resources
8.2.3 Using the Graphical System Monitor
8.2.4 About OSWatcher Black Box
9 System Dump Analysis
9.1 About Kdump
9.1.1 Configuring and Using Kdump
9.1.2 Files Used by Kdump
9.1.3 Using Kdump with OCFS2
9.2 Using the crash Debugger
9.2.1 Installing the crash Packages
9.2.2 Running crash
9.2.3 Kernel Data Structure Analysis Commands
9.2.4 System State Commands
9.2.5 Helper Commands
9.2.6 Session Control Commands
9.2.7 Guidelines for Examining a Dump File
II Networking and Network Services
10 Network Configuration
10.1 About Network Interfaces
10.2 About Network Interface Names
10.3 About Network Configuration Files
10.3.1 /etc/hosts
10.3.2 /etc/nsswitch.conf
10.3.3 /etc/resolv.conf
10.3.4 /etc/sysconfig/network
10.4 Command-line Network Configuration Interfaces
10.5 Configuring Network Interfaces Using Graphical Interfaces
10.6 About Network Interface Bonding
10.6.1 Configuring Network Interface Bonding
10.7 About Network Interface Teaming
10.7.1 Configuring Network Interface Teaming
10.7.2 Adding Ports to and Removing Ports from a Team
10.7.3 Changing the Configuration of a Port in a Team
10.7.4 Removing a Team
10.7.5 Displaying Information About Teams
10.8 Configuring VLANs with Untagged Data Frames
10.8.1 Using the ip Command to Create VLAN Devices
10.9 Configuring Network Routing
11 Network Address Configuration
11.1 About the Dynamic Host Configuration Protocol
11.2 Configuring a DHCP Server
11.3 Configuring a DHCP Client
11.4 About Network Address Translation
12 Name Service Configuration
12.1 About DNS and BIND
12.2 About Types of Name Servers
12.3 About DNS Configuration Files
12.3.1 /etc/named.conf
12.3.2 About Resource Records in Zone Files
12.3.3 About Resource Records for Reverse-name Resolution
12.4 Configuring a Name Server
12.5 Administering the Name Service
12.6 Performing DNS Lookups
13 Network Time Configuration
13.1 About the chronyd Daemon
13.1.1 Configuring the chronyd Service
13.2 About the NTP Daemon
13.2.1 Configuring the ntpd Service
13.3 About PTP
13.3.1 Configuring the PTP Service
13.3.2 Using PTP as a Time Source for NTP
14 Web Service Configuration
14.1 About the Apache HTTP Server
14.2 Installing the Apache HTTP Server
14.3 Configuring the Apache HTTP Server
14.4 Testing the Apache HTTP Server
14.5 Configuring Apache Containers
14.5.1 About Nested Containers
14.6 Configuring Apache Virtual Hosts
15 Email Service Configuration
15.1 About Email Programs
15.2 About Email Protocols
15.2.1 About SMTP
15.2.2 About POP and IMAP
15.3 About the Postfix SMTP Server
15.4 About the Sendmail SMTP Server
15.4.1 About Sendmail Configuration Files
15.5 Forwarding Email
15.6 Configuring a Sendmail Client
16 High Availability Configuration
16.1 About Oracle Linux high availability services
16.2 Installing Pacemaker and Corosync
16.3 Configuring Your First Cluster and Service
16.4 Fencing Configuration
16.5 More Information
17 Load Balancing Configuration
17.1 About HAProxy
17.2 Installing and Configuring HAProxy
17.2.1 About the HAProxy Configuration File
17.3 Configuring Simple Load Balancing Using HAProxy
17.3.1 Configuring HAProxy for Session Persistence
17.4 About Keepalived
17.5 Installing and Configuring Keepalived
17.5.1 About the Keepalived Configuration File
17.6 Configuring Simple Virtual IP Address Failover Using Keepalived
17.7 Configuring Load Balancing Using Keepalived in NAT Mode
17.7.1 Configuring Firewall Rules for Keepalived NAT-Mode Load Balancing
17.7.2 Configuring Back-End Server Routing for Keepalived NAT-Mode Load Balancing
17.8 Configuring Load Balancing Using Keepalived in DR Mode
17.8.1 Configuring Firewall Rules for Keepalived DR-Mode Load Balancing
17.8.2 Configuring the Back-End Servers for Keepalived DR-Mode Load Balancing
17.9 Configuring Keepalived for Session Persistence and Firewall Marks
17.10 Making HAProxy Highly Available Using Keepalived
17.11 About Keepalived Notification and Tracking Scripts
17.12 Making HAProxy Highly Available Using Oracle Clusterware
18 VNC Service Configuration
18.1 About VNC
18.2 Configuring a VNC Server
18.3 Connecting to VNC Desktop
III Storage and File Systems
19 Storage Management
19.1 About Disk Partitions
19.1.1 Managing Partition Tables Using fdisk
19.1.2 Managing Partition Tables Using parted
19.1.3 Mapping Partition Tables to Devices
19.2 About Swap Space
19.2.1 Viewing Swap Space Usage
19.2.2 Creating and Using a Swap File
19.2.3 Creating and Using a Swap Partition
19.2.4 Removing a Swap File or Swap Partition
19.3 About Logical Volume Manager
19.3.1 Initializing and Managing Physical Volumes
19.3.2 Creating and Managing Volume Groups
19.3.3 Creating and Managing Logical Volumes
19.3.4 Creating Logical Volume Snapshots
19.3.5 Creating and Managing Thinly-Provisioned Logical Volumes
19.3.6 Using snapper with Thinly-Provisioned Logical Volumes
19.4 About Software RAID
19.4.1 Creating Software RAID Devices
19.5 Creating Encrypted Block Devices
19.6 SSD Configuration Recommendations for Btrfs, ext4, and Swap
19.7 About Linux-IO Storage Configuration
19.7.1 Configuring an iSCSI Target
19.7.2 Restoring a Saved Configuration for an iSCSI target
19.7.3 Configuring an iSCSI Initiator
19.7.4 Updating the Discovery Database
19.8 About Device Multipathing
19.8.1 Configuring Multipathing
20 File System Administration
20.1 Making File Systems
20.2 Mounting File Systems
20.2.1 About Mount Options
20.3 About the File System Mount Table
20.4 Configuring the Automounter
20.5 Mounting a File Containing a File System Image
20.6 Creating a File System on a File
20.7 Checking and Repairing a File System
20.7.1 Changing the Frequency of File System Checking
20.8 About Access Control Lists
20.8.1 Configuring ACL Support
20.8.2 Setting and Displaying ACLs
20.9 About Disk Quotas
20.9.1 Enabling Disk Quotas on File Systems
20.9.2 Assigning Disk Quotas to Users and Groups
20.9.3 Setting the Grace Period
20.9.4 Displaying Disk Quotas
20.9.5 Enabling and Disabling Disk Quotas
20.9.6 Reporting on Disk Quota Usage
20.9.7 Maintaining the Accuracy of Disk Quota Reporting
21 Local File System Administration
21.1 About Local File Systems
21.2 About the Btrfs File System
21.3 Creating a Btrfs File System
21.4 Modifying a Btrfs File System
21.5 Compressing and Defragmenting a Btrfs File System
21.6 Resizing a Btrfs File System
21.7 Creating Subvolumes and Snapshots
21.7.1 Using snapper with Btrfs Subvolumes
21.7.2 Cloning Virtual Machine Images and Linux Containers
21.8 Using the Send/Receive Feature
21.8.1 Using Send/Receive to Implement Incremental Backups
21.9 Using Quota Groups
21.10 Replacing Devices on a Live File System
21.11 Creating Snapshots of Files
21.12 Converting an Ext2, Ext3, or Ext4 File System to a Btrfs File System
21.12.1 Converting a Non-root File System
21.13 About the Btrfs root File System
21.13.1 Creating Snapshots of the root File System
21.13.2 Mounting Alternate Snapshots as the root File System
21.13.3 Deleting Snapshots of the root File System
21.14 Converting a Non-root Ext2 File System to Ext3
21.15 Converting a root Ext2 File System to Ext3
21.16 Creating a Local OCFS2 File System
21.17 About the XFS File System
21.17.1 About External XFS Journals
21.17.2 About XFS Write Barriers
21.17.3 About Lazy Counters
21.18 Installing the XFS Packages
21.19 Creating an XFS File System
21.20 Modifying an XFS File System
21.21 Growing an XFS File System
21.22 Freezing and Unfreezing an XFS File System
21.23 Setting Quotas on an XFS File System
21.23.1 Setting Project Quotas
21.24 Backing up and Restoring XFS File Systems
21.25 Defragmenting an XFS File System
21.26 Checking and Repairing an XFS File System
22 Shared File System Administration
22.1 About Shared File Systems
22.2 About NFS
22.2.1 Configuring an NFS Server
22.2.2 Mounting an NFS File System
22.3 About Samba
22.3.1 Configuring a Samba Server
22.3.2 About Samba Configuration for Windows Workgroups and Domains
22.3.3 Accessing Samba Shares from a Windows Client
22.3.4 Accessing Samba Shares from an Oracle Linux Client
23 Oracle Cluster File System Version 2
23.1 About OCFS2
23.2 Installing and Configuring OCFS2
23.2.1 Preparing a Cluster for OCFS2
23.2.2 Configuring the Firewall
23.2.3 Configuring the Cluster Software
23.2.4 Creating the Configuration File for the Cluster Stack
23.2.5 Configuring the Cluster Stack
23.2.6 Configuring the Kernel for Cluster Operation
23.2.7 Starting and Stopping the Cluster Stack
23.2.8 Creating OCFS2 volumes
23.2.9 Mounting OCFS2 Volumes
23.2.10 Querying and Changing Volume Parameters
23.3 Troubleshooting OCFS2
23.3.1 Recommended Tools for Debugging
23.3.2 Mounting the debugfs File System
23.3.3 Configuring OCFS2 Tracing
23.3.4 Debugging File System Locks
23.3.5 Configuring the Behavior of Fenced Nodes
23.4 Use Cases for OCFS2
23.4.1 Load Balancing
23.4.2 Oracle Real Application Cluster (RAC)
23.4.3 Oracle Databases
23.5 For More Information About OCFS2
IV Authentication and Security
24 Authentication Configuration
24.1 About Authentication
24.2 About Local Oracle Linux Authentication
24.2.1 Configuring Local Access
24.2.2 Configuring Fingerprint Reader Authentication
24.2.3 Configuring Smart Card Authentication
24.3 About IPA Authentication
24.3.1 Configuring IPA Authentication
24.4 About LDAP Authentication
24.4.1 About LDAP Data Interchange Format
24.4.2 Configuring an LDAP Server
24.4.3 Replacing the Default Certificates
24.4.4 Creating and Distributing Self-signed CA Certificates
24.4.5 Initializing an Organization in LDAP
24.4.6 Adding an Automount Map to LDAP
24.4.7 Adding a Group to LDAP
24.4.8 Adding a User to LDAP
24.4.9 Adding Users to a Group in LDAP
24.4.10 Enabling LDAP Authentication
24.5 About NIS Authentication
24.5.1 About NIS Maps
24.5.2 Configuring an NIS Server
24.5.3 Adding User Accounts to NIS
24.5.4 Enabling NIS Authentication
24.6 About Kerberos Authentication
24.6.1 Configuring a Kerberos Server
24.6.2 Configuring a Kerberos Client
24.6.3 Enabling Kerberos Authentication
24.7 About Pluggable Authentication Modules
24.8 About the System Security Services Daemon
24.8.1 Configuring an SSSD Server
24.9 About Winbind Authentication
24.9.1 Enabling Winbind Authentication
25 Local Account Configuration
25.1 About User and Group Configuration
25.2 Changing Default Settings for User Accounts
25.3 Creating User Accounts
25.3.1 About umask and the setgid and Restricted Deletion Bits
25.4 Locking an Account
25.5 Modifying or Deleting User Accounts
25.6 Creating Groups
25.7 Modifying or Deleting Groups
25.8 Configuring Password Ageing
25.9 Granting sudo Access to Users
26 System Security Administration
26.1 About System Security
26.2 Configuring and Using SELinux
26.2.1 About SELinux Administration
26.2.2 About SELinux Modes
26.2.3 Setting SELinux Modes
26.2.4 About SELinux Policies
26.2.5 About SELinux Context
26.2.6 About SELinux Users
26.2.7 Troubleshooting Access-Denial Messages
26.3 About Packet-filtering Firewalls
26.3.1 Controlling the firewalld Firewall Service
26.3.2 Controlling the iptables Firewall Service
26.4 About TCP Wrappers
26.5 About chroot Jails
26.5.1 Running DNS and FTP Services in a Chroot Jail
26.5.2 Creating a Chroot Jail
26.5.3 Using a Chroot Jail
26.6 About Auditing
26.7 About System Logging
26.7.1 Configuring Logwatch
26.8 About Process Accounting
26.9 Security Guidelines
26.9.1 Minimizing the Software Footprint
26.9.2 Configuring System Logging
26.9.3 Disabling Core Dumps
26.9.4 Minimizing Active Services
26.9.5 Locking Down Network Services
26.9.6 Configuring a Packet-filtering Firewall
26.9.7 Configuring TCP Wrappers
26.9.8 Configuring Kernel Parameters
26.9.9 Restricting Access to SSH Connections
26.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
26.9.11 Checking User Accounts and Privileges
27 OpenSSH Configuration
27.1 About OpenSSH
27.2 OpenSSH Configuration Files
27.2.1 OpenSSH User Configuration Files
27.3 Configuring an OpenSSH Server
27.4 Installing the OpenSSH Client Packages
27.5 Using the OpenSSH Utilities
27.5.1 Using ssh to Connect to Another System
27.5.2 Using scp and sftp to Copy Files Between Systems
27.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
27.5.4 Enabling Remote System Access Without Requiring a Password
V Virtualization
28 Linux Containers
28.1 About Linux Containers
28.1.1 Supported Oracle Linux Container Versions
28.2 Configuring Operating System Containers
28.2.1 Installing and Configuring the Software
28.2.2 Setting up the File System for the Containers
28.2.3 Creating and Starting a Container
28.2.4 About the lxc-oracle Template Script
28.2.5 About Veth and Macvlan
28.2.6 Modifying a Container to Use Macvlan
28.3 Logging in to Containers
28.4 Creating Additional Containers
28.5 Monitoring and Shutting Down Containers
28.6 Starting a Command Inside a Running Container
28.7 Controlling Container Resources
28.8 Configuring ulimit Settings for an Oracle Linux Container
28.9 Configuring Kernel Parameter Settings for Oracle Linux Containers
28.10 Deleting Containers
28.11 Running Application Containers
28.12 For More Information About Linux Containers
29 Using KVM With Oracle Linux
29.1 Installing Virtualization Packages
29.1.1 About Virtualization Packages
29.1.2 Yum Repositories and ULN Channels for Virtualization Packages
29.1.3 Installing Virtualization Packages During at Installation Time
29.1.4 Installing Virtualization Packages on an Existing System
29.1.5 Upgrading Virtualization Packages
29.1.6 Checking the libvirt Daemon Status
29.2 Oracle VirtIO Drivers for Microsoft Windows
29.2.1 Supported Releases, Operating Systems, and Configuration Limits
29.2.2 Installing the Oracle VirtIO Drivers for Microsoft Windows
29.2.3 Upgrading the Oracle VirtIO Drivers for Microsoft Windows
29.2.4 Silently Installing or Upgrading the Oracle VirtIO Drivers for Microsoft Windows
29.2.5 Uninstalling the Oracle VirtIO Drivers for Microsoft Windows
29.2.6 Known Limitations and Workarounds