RHCSA Preparation Guide

This page is for those preparing for the RHCSA exam. The information here, along with the downloadable VirtualBox virtual machines, will help students ready themselves for the exam through practice. No hints are given as to what’s on the exam.

TIP: Time yourself to complete the process and try it the next day to see how you retain information and improve your performance. Import the virtual machines and then clone them before you try it out. That way, you can always revert back and try again.

There are two virtual machines to download: the server and the client. The following shows the required settings, credentials and IP addresses. The IP addresses may need to be adjusted for your environment. The server virtual machine has two names, “server.agix.local” and “ipa.agix.local”, both of which must resolve to its IP address. The client’s name is “client.agix.local” and it must resolve to its IP address. You will need to either configure a DNS resolver for this or edit the “hosts” files on your workstation, the server and the client.

DNS/host and IP settings:
server.agix.local -> 10.0.0.99/24
ipa.agix.local -> 10.0.0.99/24
client.agix.local -> 10.0.0.98/24

Network settings:
DNS server: 10.0.0.7 (adjust for your environment)
Gateway: 10.0.0.7 (adjust for your environment)

Credentials:
Server and Client root login: root/redhat
LDAP test user: ldap1/ldap1
Samba test login: samba/samba

Server Objectives:

Complete these objectives on the server virtual machine.

  1. Bring up the network with the static IP address of “10.0.0.99/24”, gateway of “10.0.0.7” and DNS server of “10.0.0.7”.
  2. Configure the firewall to allow access to http, https, NFS, rpcbind and samba.
  3. Set the “systemctl” default target to “multi-user” persistently. Change into the new default.
  4. Set the hostname to “ipa.agix.local”.
  5. Set the timezone to your local timezone.
  6. Verify and start the “ipa” service to enable LDAP and Kerberos services.
  7. Log into “https://ipa.agix.local” as “ldap1/ldap1” and reset the “ldap1” password. This new password will be used later in the client solution.

Client Objectives:

Complete these objectives on the client virtual machine.

  1. Bring up the network with the correct IP address of “10.0.0.98/24”, gateway of “10.0.0.7” and DNS server of “10.0.0.7”.
  2. Set the hostname to “client.agix.local”.
  3. Set the timezone to be yours.
  4. Extend “centos-root” LV by “8G” and “centos-swap” LV by “1020MB”. Tip: the two additional hard disks are these sizes. Make sure the new swap and root space are fully utilized.
  5. Execute “/root/password.sh” and reboot the system. Boot the system and reset the root password using the Grub2 boot options.
  6. Join the “client.agix.local” host to the LDAP/kerberos (IPA) system hosted at “ipa.agix.local” with a Base Domain of “dc=agix,dc=local”, a Realm of “AGIX.LOCAL”, KDC and Admin server of “ipa.agix.local”.
  7. Test that you can see details of the “ldap1” LDAP user.
  8. Create a local group called “mygroup”. Create a local user called “redhat” and make that user a member of the “mygroup” group.
  9. Install Apache, set it to start on boot and ensure that the “redhat” user can publish a web page from “http://client.agix.local/~redhat”. Modify the firewall to allow remote access to the “client.agix.local” host on port 80.
  10. Mount the “server.agix.local:/webdocs” NFS export as “/mnt/webdocs” on the client. Set it to mount on boot.
  11. Configure Apache to use the new web directory of “/opt/webdocs/html” rather than the default location.
  12. Ensure the “ldap1” user’s home directory mounts automatically (using autofs with kerberos/krb5p) on login via NFS where “server.agix.local:/home/” is the source of user’s home directories.
  13. Using autofs, mount the “public” CIFS share shared on “server.agix.local” to “/mnt/samba.public” on the client using the “samba” user on the “REDHAT” domain/workgroup.

Solutions

The remainder of this page walks through the solution step by step. Don’t use it unless you get stuck.

Server solution

1. Prepare the network.

nmcli con up enp0s3
nmcli con mod enp0s3 connection.autoconnect on
nmcli con mod enp0s3 ip4 10.0.0.99/24 gw4 10.0.0.7 ipv4.dns 10.0.0.7
Verify and make final changes to "/etc/sysconfig/network-scripts/ifcfg-enp0s3".
ifdown enp0s3
ifup enp0s3

2. Configure the firewall.

firewall-cmd --list-services
firewall-cmd --add-service nfs --permanent
firewall-cmd --add-service rpc-bind --permanent
firewall-cmd --add-service samba --permanent
firewall-cmd --add-service http --permanent
firewall-cmd --add-service https --permanent
firewall-cmd --reload

3. Set and make active the “multi-user” target.

systemctl get-default
systemctl set-default multi-user
systemctl isolate multi-user

4. Set the hostname.

hostnamectl set-hostname server.agix.local

5. Set the timezone.

ls -l /etc/localtime
rm /etc/localtime
ln -s /usr/share/zoneinfo/Australia/Adelaide /etc/localtime

6. Verify the IPA service is running and restart it if necessary. You may need to reboot before this stage.

systemctl status ipa
systemctl restart ipa

7. The server is configured. Log into “https://server.agix.local” as “ldap1/ldap1” and change the password to something you’ll remember. You need to use it later in the client-side setup.

Client Solution

1. Prepare the network:

nmcli con up enp0s3
nmcli con mod enp0s3 connection.autoconnect on
nmcli con mod enp0s3 ip4 10.0.0.98/24 gw4 10.0.0.7 ipv4.dns 10.0.0.7
Verify and make final changes to "/etc/sysconfig/network-scripts/ifcfg-enp0s3".
ifdown enp0s3
ifup enp0s3

2. Set the hostname:

hostnamectl set-hostname client.agix.local

3. Set the timezone:

ls -l /etc/localtime
rm /etc/localtime
ln -s /usr/share/zoneinfo/Australia/Adelaide /etc/localtime

4. Add disks to LVM and extend the “swap” LV by 1020M and extend the “root” LV by 8G.

lsblk (take note)
fdisk /dev/sdb (create a new partition of type 8e)
fdisk /dev/sdc (create a new partition of type 8e)
pvcreate /dev/sdb1 /dev/sdc1
vgextend centos /dev/sdb1 /dev/sdc1
pvs (take note)
lvs (take note)
lvextend /dev/mapper/centos-swap -L+1020M
lvextend /dev/mapper/centos-root -L+8G
xfs_growfs /
swapoff -a
mkswap /dev/mapper/centos-swap
swapon -a

5. Execute the password script and reboot.

/root/password.sh
reboot

Reset the root password on boot.

Interrupt the boot process at the grub2 screen.
Navigate to the latest boot option.
Press “e” and navigate to the “linux16” line.
Press “control+e” to go to the end of the line.
Append “ rd.break”.
Press “control+x” to boot using the new temporary setting.
mount -o remount,rw /sysroot
chroot /sysroot
passwd
touch /.autorelabel
exit
exit

6. Configure LDAP and Kerberos client-side services.

Use either "authconfig-tui" or "authconfig-gui".
yum install authconfig-tui authconfig-gui
authconfig-tui
Select: Use LDAP 
Select: Use Kerberos 
Next.
Set: Server=ipa.agix.local
Set: dc=agix,dc=local
Next.
Set: REALM=AGIX.LOCAL
Set: KDC=ipa.agix.local
Set: Admin Server=ipa.agix.local
Ok. 

7. Verify LDAP and Kerberos services.

id ldap1
kinit ldap1
klist

8. Create the “mygroup” group and the “redhat” user and make the new user a part of the new group.

groupadd mygroup
useradd redhat -G mygroup
groups redhat

9. Install Apache and ensure it starts on boot. Make sure the “redhat” user can host their own website at “http://client.agix.local/~redhat”.

firewall-cmd --list-services
firewall-cmd --add-service http --permanent
firewall-cmd --reload
yum install httpd
vi /etc/httpd/conf.d/userdir.conf
Change: "UserDir disabled" to "UserDir public_html"
systemctl enable httpd
systemctl restart httpd
chmod o+x /home/redhat
su - redhat
mkdir ~/public_html
echo "redhat website" > ~/public_html/index.html
exit

10. Mount “server.agix.local:/webdocs” as “/mnt/webdocs” on the “client.agix.local” host and ensure it happens at boot time.

mkdir /mnt/webdocs
vi /etc/fstab
Add: server.agix.local:/webdocs  /mnt/webdocs  nfs  defaults,_netdev  0 0
setsebool -P httpd_use_nfs on
mount /mnt/webdocs

11. Set the new web directory for Apache.

mkdir -p /opt/webdocs/html
ls -ldZ /var/www/html
semanage fcontext -a -t httpd_sys_content_t "/opt/webdocs(/.*)?"
restorecon -rv /opt/webdocs
ls -ldZ /opt/webdocs
vi /etc/httpd/conf/httpd.conf
Change all occurrences of "/var/www/" to "/opt/webdocs/".
Try regex: :%s/\/var\/www/\/opt\/webdocs/g
systemctl restart httpd

12. Configure autofs to mount the “ldap1” user’s home directory on login using krb5p.

vi /etc/auto.master.d/users.autofs
Add: /home /etc/users.automount
vi /etc/users.automount
Add: * -rw,sec=krb5p server.agix.local:/home/&
systemctl restart autofs

13. Configure autofs to mount “server.agix.local/public” locally as “/mnt/samba.public” as the “samba” user.

mkdir /cifs
vi /etc/auto.master.d/cifs.autofs
Add: /cifs /etc/autofs.cifs
vi /etc/autofs.cifs
Add: public -fstype=cifs,credentials=/etc/cifs.creds ://server.agix.local/shares/&
vi /etc/cifs.creds
username=samba
password=samba
domain=REDHAT
systemctl restart autofs
ls /cifs/public
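
The autofs setups in steps 12 and 13 only work when several file names agree: the master entry, the map file it names and, for CIFS, the credentials file the map names, which also stores a cleartext password. The following is an added example, not part of the original guide: a bash check that flags a missing map, a missing credentials file, or a credentials file readable by group or others. It assumes file-based maps and master entries in /etc/auto.master.d/*.autofs; the sample tree and its names (auto.users, auto.cifs, auto.data, team.creds, srv.example) are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# audit_autofs ROOT: lint file-based autofs maps under ROOT ("" = live system).
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_autofs() {
    local root="$1" bad=0 f mnt map key opts cred mode
    for f in "$root"/etc/auto.master.d/*.autofs; do
        [ -e "$f" ] || continue
        while read -r mnt map _; do
            case $mnt in ''|'#'*) continue ;; esac
            if [ ! -f "$root$map" ]; then
                echo "MISSING_MAP $map (from ${f##*/})"; bad=1; continue
            fi
            while read -r key opts _; do   # map line: key -options location
                case $opts in *credentials=*) ;; *) continue ;; esac
                cred=${opts##*credentials=}; cred=${cred%%,*}
                if [ ! -f "$root$cred" ]; then
                    echo "MISSING_CRED $cred (from $map)"; bad=1; continue
                fi
                mode=$(stat -c %a "$root$cred")
                # The file holds a cleartext password: no group/other bits.
                if [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "LOOSE_CRED $cred mode $mode"; bad=1
                fi
            done < "$root$map"
        done < "$f"
    done
    return "$bad"
}

# Constructed sample tree (hypothetical names) with three deliberate mistakes.
make_sample() {
    local r="$1"
    mkdir -p "$r/etc/auto.master.d"
    echo '/home /etc/auto.users' > "$r/etc/auto.master.d/users.autofs"  # map never created
    echo '/cifs /etc/auto.cifs'  > "$r/etc/auto.master.d/cifs.autofs"
    echo '/data /etc/auto.data'  > "$r/etc/auto.master.d/data.autofs"
    echo 'public -fstype=cifs,credentials=/etc/cifs.cred ://srv.example/public' > "$r/etc/auto.cifs"
    echo 'team -fstype=cifs,credentials=/etc/team.creds ://srv.example/team' > "$r/etc/auto.data"
    printf 'username=u\npassword=p\n' > "$r/etc/cifs.creds"  # name differs from the map
    printf 'username=u\npassword=p\n' > "$r/etc/team.creds"
    chmod 644 "$r/etc/team.creds"                            # readable by everyone
}

sample=$(mktemp -d)
make_sample "$sample"
audit_autofs "$sample" || echo "resolve the findings before restarting autofs"
rm -rf "$sample"
```

On the client itself, call audit_autofs "" as root before "systemctl restart autofs"; no output means every map and credentials file referenced was found with safe permissions.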

Verify your work; you’re done.