RHCE 7 Exam Point of View Question and Answer - RHCE 7 Dums
RHCE 7 Exam Point of View Question and Answer - RHCE 7 Dums
RHCE 7 Exam Point of View Question and Answer - RHCE 7 Dums
FEB
4 RHCE 7 exam point of view question and Answer | RHCE 7 dums
Note:- This only for the practice purpose. Know the exam set-up and clear your RHCE 7 in first
attempt. Wish you all the best.
# ssh -X [email protected]
(or)
#ssh -X [email protected]
Password:zaldebro
[root@system1 ~]#iptables -F
[root@system1 ~] # systemctl mask iptables.service
[root@system1 ~] # systemctl mask ip6tables.service
[root@system1 ~] # systemctl mask ebtables.service
# ssh -X [email protected]
(or)
#ssh -X [email protected]
Password:zaldebro
[root@system1 ~]#iptables -F
[root@system2 ~] # systemctl mask iptables.service
[root@system2 ~] # systemctl mask ip6tables.service
[root@system2 ~] # systemctl mask ebtables.service
System 2:
[root@ system2 ~]# cd /etc/yum.repos.d/
[root@ system2 ~]# vim system1.repo
[system2]
name=client
baseurl=http://station.district0.example.com/content/rhel7.0/x86_64/dvd
enabled=1
gpgcheck=0
[root@ system2 ~]# yum clean all
[root@ system2 ~]# yum repolist all
3. SSH Configuration.
-Clients within my133ilt.org should NOT have access to ssh on your systems
-Clients with domain district10.example.com should be able to access the systems
in case you my133ilt.org has (172.25.70.0/255.255.0.0)
Ans:
Do This on Both Server and Client
4. Port forwarding.
-Configure system1 to forward traffic incoming on port 80/tcp from source network
172.24.X.0/255.255.255.0 to port on 5243/tcp
Ans:
Server side
client:(to verify in your local environment ask me if not working)
server5.example.com:5243
[root@ system1 ~]# firewall-cmd - -permanent - -add-rich-rule 'rule family=ipv4 source
address=172.24.10.0/24 forward-port port=5243 protocol=tcp to-port=80'
[root@ system1 ~]# firewall-cmd - -reload
[root@ system1 ~]# firewall-cmd - -list-rich-rules
( or)
Configure serverX to forward traffic incoming on port 80/tcp from source network
172.25.X.0/255.255.255.0 to port on 5243/tcp.
[root@ system1 ~]# firewall-config
Configuration : Permanent
Select → Rich Rule Tab
click →Add
Family : ipv4
Check Elements → forward-port [ Click this tab ]
|
|
V
protocol : tcp
Port / Port Range: 5243
Destination
check Local forwarding
Port / Port Range: 80
click [ok]
Source :172.24.10.0/24
click [OK]
click option →reload Firewalld (in terminal put # firewall-cmd - -list-rich-rules )
5. User Environment.
-Create a command called qstat on both system1 and system2. It should able to execute the following
command(ps eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm)
The command should be executable by all users..
Ans:
Server side :
[root@ system1 ~]# vim /bin/qstat
ps eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
:wq
[root@ system1 ~]#chmod a+x /bin/qstat
[root@ system1 ~]#qstat
PID TID CLS RTPRIO NI PRI PSR %CPU STAT WCHAN COMMAND
1271 1271 TS - 0 19 0 0.0 Ss+ poll_schedule_ Xorg
1502 1502 TS - 0 19 0 0.0 Ss+ n_tty_read agetty
1632 1632 TS - 0 19 0 0.0 Ss wait bash
29595 29595 TS - 0 19 0 0.0 S+ wait bash
29596 29596 TS - 0 19 0 0.0 R+ -
ps
Client side :
[root@ system1 ~]# vim /bin/qstat
ps eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
:wq
[root@ system1 ~]#chmod a+x /bin/qstat
[root@ system1 ~]#qstat
PID TID CLS RTPRIO NI PRI PSR %CPU STAT WCHAN COMMAND
1271 1271 TS - 0 19 0 0.0 Ss+ poll_schedule_ Xorg
1502 1502 TS - 0 19 0 0.0 Ss+ n_tty_read agetty
1632 1632 TS - 0 19 0 0.0 Ss wait bash
29595 29595 TS - 0 19 0 0.0 S+ wait bash
29596 29596 TS - 0 19 0 0.0 R+ - ps
____________________________________________________________________________________
__
6.IPV 6 Connection
-Configure eth0 with a static ipv6 addresses as follows.
-configure a static IPV6 address in system1 as fddb:fe2a:ab1e::c0a8:64/64.
-configure a static IPV6 address in system2 as fddb:fe2a:ab1e::c0a8:02/64.
-Both machines are able to communicate within the network fddb:fe2a:able/64
-The changes should be permanent even after the reboot
Ans :
Server Side:
[root@ system1 ~]#nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[root@ system1 ~]#nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System eth0
eno1 ethernet disconnected --
eno2 ethernet disconnected --
lo loopback unmanaged --
[root@ system1 ~]# nmcli connection modify "System eth0" ipv6.addresses
fddb:fe2a:ab1e::c0a8:64/64 ipv6.method manual
[root@ system1 ~]# nmcli connection up "System eth0"
Client Side:
[root@ system2 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[root@ system2 ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System eth0
eno1 ethernet disconnected --
eno2 ethernet disconnected --
lo loopback unmanaged --
[root@ system2 ~]# nmcli connection modify "System eth0" ipv6.addresses
fddb:fe2a:ab1e::c0a8:02/64
ipv6.method manual
[root@ system2 ~]# nmcli connection up "System eth0"
Client Side:-
[root@ system2 ~]# ping6 fddb:fe2a:ab1e::c0a8:64
Server Side:-
[root@ system1 ~]# ping6 fddb:fe2a:ab1e::c0a8:02 (do this on both side if packet transmited &
received same means correct other wise wrong )
____________________________________________________________________________________
__
7. Link aggregation Configure your system1 and system2, which watches for link changes and selects
an active port for data transfers. System1 should have the address as 172.24.10.10/255.255.255.0.
System2 should have the address as 172.24.10.20/255.255.255.0
[root@ system1 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[root@ system1 ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System eth0
eno1 ethernet disconnected --
eno2 ethernet disconnected --
lo loopback unmanaged –
System1 Side:
[root@ system1 ~]# nmcli connection add type team ifname team config '{"runner": {"name":
"activebackup"}}'
[root@ system1 ~]# nmcli connection modify team-team ipv4.addresses 172.24.10.10/24 ipv4.method
manual
[root@ system1 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team-team e10a27c3-bd4a-431a-a284-50375a3c4717 team team
[root@ system1 ~]# nmcli connection add type team-slave ifname eno1 master team
[root@ system1 ~]# nmcli connection add type team-slave ifname eno2 master team
[root@ system1 ~]# nmcli connection up team-team
[root@ system1 ~]# teamdctl team state
setup:
runner: activebackup
ports:
eno1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eno2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eno2
Client Side :
[root@ system2 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[root@ system2 ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System eth0
eno1 ethernet disconnected --
eno2 ethernet disconnected --
lo loopback unmanaged –
System2 Side:
[root@ system2 ~]# nmcli connection add type team ifname team config '{"runner": {"name":
"activebackup"}}'
[root@ system2 ~]# nmcli connection modify team-team ipv4.addresses 172.24.10.20/24 ipv4.method
manual
[root@ system2 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team-team e10a27c3-bd4a-431a-a284-50375a3c4717 team team
[root@ system2 ~]# nmcli connection add type team-slave ifname eno1 master team
[root@ system2 ~]# nmcli connection add type team-slave ifname eno2 master team
[root@ system2 ~]# nmcli connection up team-team
[root@ system2 ~]# teamdctl team state
setup:
runner: activebackup
ports:
eno1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eno2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eno2
server side:-
#ping -I team-team 172.25.10.20
____________________________________________________________________________________
8. SMTP Configuration. Configure the SMTP mail service on system1 and system2 which relay the mail
only from local system through station.network0.example.com, all outgoing mail have their sender
domain as district10.example.com. Verify the mail server is working by sending mail to a local user
clarke.
Check the mail on both system1 and system2 with the below URL
http://rhcert.district0.example.com
System1
System2
9. NFS server
- Configure system1 with the following requirements.
- Share the /nfsshare directory within the district10.example.com domain clients only, share must
not be writable.
Ans:
Nfs mount
-Mount /nfsshare directory on system2 under /public directory persistently at system boot time.
Ans:
[root@ system2 ~]# mkdir /public
NFS KERBEROS
NFS Secure:
-Share the /nfssecure, enable krb5p security to secure access to the NFS share from
URL http://station.network0.example.com/pub/keytabs/system1.keytab
Create a directory named as protected under /nfssecure The exported directory should have
read/write access from all subdomains of the distric10.example.com domain. Ensure the directory
/nfssecure/protected should be owned by the user harry with read/write permission..
[root@ system1 ~]# yum install nfs* krb5* -y ( we already installed nfs package for previous
normal share he we just install
krb5 packages only )
[root@ system1 ~]# wget -O /etc/krb5.keytab
http://server1.domain70.example.com/pub/keytabs/system1.keytab
SAMBA :
11. SMB access.
Share the /sambadir directory via SMB on system1 Your SMB server must be a member of the STAFF
workgroup The share name must be data .The data share must be available to
district10.example.com domain clients only The data share must be browseable .Susan must have
read access to the share, authenticating with the same password “password”, if necessary
:wq
[root@ system1 ~]# systemctl restart smb nmb
[root@ system1 ~]# smbclient -L //172.24.10.110
Enter root's password: (just enter)
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
data Disk
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
SYSTEM1 Samba Server Version 4.1.1
Workgroup Master
--------- -------
STAFF
[root@ system1 ~]# smbclient //172.24.10.110/data -U Susan
Enter susan's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Wed Dec 16 10:12:30 2015
.. D 0 Wed Dec 16 10:12:30 2015
40913 blocks of size 262144. 27465 blocks available
smb: \>
12.SAMBA Mount
Share /opstack with SMB share name must be cluster.
The user frankenstein has readable,writeable,accesseable to the /opstack SMB share. The user martin
has read access to the /opstack SMB share. Both users should have the SMB passwd "SaniTago".
The share must be browseable
Mount the samba share /opstack permanently beneath /mnt/smbspace on system2 as a multiuser
mount. The samba share should be mounted with the credentials of martin.
[root@ system1 ~]# mkdir /opstack
[root@ system1 ~]# ll -Zd /opstack/
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /opstack/
[root@ system1 ~]# semanage fcontext -a -t samba_share_t '/opstack(/.*)?'
[root@ system1 ~]# restorecon -Rv /opstack/
restorecon reset /opstack context unconfined_u:object_r:default_t:s0-
>unconfined_u:object_r:samba_share_t:s0
[root@ system1 ~]# ll -lZd /opstack/
drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0 /opstack/
[root@ system1 ~]# chmod 775 /opstack/
[root@ system1 ~]# chgrp frankenstein /opstack/
[root@ system1 ~]# vim /etc/samba/smb.conf
Line No 89 : workgroup = STAFF
[cluster]
path=/opstack
valid users=@frankenstein,martin
read list=martin
write list=@frankenstein
:wq
<virtualhost *:80>
servername system1.district10.example.com
documentroot /var/www/html
</virtualhost>
[root@system1 html]# httpd -t
Syntax OK
[root@system1 html]# systemctl restart httpd.service
[root@system1 html]# cd
Secured webserver
– configure the website https://system1.district10.example.com with TLS
– SSLCertificate file http://classroom.example.com/pub/rhce/tls/certs/system1.networkX.crt
– SSLCertificatekeyfile
http://classroom.example.com/pub/rhce/tls/private/system1.networkX.key
– SSL CA certificate file http://classroom..example.com/pub/exampleca.crt
[root@system1 ~]# yum install httpd* mod_ssl* -y
system hostname)
Line No 107: SSLCertificateKeyFile /etc/pki/tls/private/system1.network10.key (change local host to
your system hostname)
use firefox
address : https://system1.example.com/
this normal webpage
[root@system1 owndir]# ls
restrict.html
[root@system1 owndir]# mv restrict.html index.html
[root@system1 owndir]# ls
index.html
[root@system1 owndir]# vim /etc/httpd/conf/httpd.conf
[root@system1 owndir]# chown harry /var/www/html/owndir/
<virtualhost *:80>
servername system1.district10.example.com
documentroot /var/www/html
</virtualhost>
<directory /var/www/html/owndir>
order deny,allow
deny from all
allow from 172.24.10.110
</directory>
[root@system1 ~]# systemctl restart httpd.service
firefox:
http://system1.district10.example.com/owndir/
client :
http://system1.district10.example.com/owndir/
1. Forbidden
You don't have permission to access /owndir on this server.
Virtual hosting.
<directory /var/www/scripts>
require all granted
</directory>
[root@system1 ~]# vim /etc/hosts
172.25.10.110 dynamic.district10.example.com
:wq
O/P
Goto Firefox
Address: dynamic.distrcit10.example.com:8899
UNIX EPOCH time is now: 1450238773.24
(if you press F5 time time will be automatically changed)
18. Script 1
-create a script on serverX called /root/random with following details.
-When run as /root/random user, should bring the output as �kernel�
-When run as /root/random kernel, should bring the output as �user�
-When run with any other arguments or without argument,
should bring the stderr as �/root/random user|kernel�
[root@server2 ~]# vim /root/random
read a
case $a in
user ) echo "kernel";;
kernel ) echo "user";;
* ) echo "/root/random user|kernel" >> stderr
esac
[root@server2 ~]# chmod a+x /root/random
[root@server2 ~]# /root/random
user
kernel
[root@server2 ~]# /root/random
kernel
user
[root@server2 ~]# /root/random
f
[root@server2 ~]# ls
anaconda-ks.cfg random stderr
[root@server2 ~]# cat stderr
/root/random user|kernel
[root@server2 ~]#
19. Script 2
-Create a script on serverX called /root/createusers
-When this script is called with the testfile argument, it should add all the users from the file
-Download the file from http://station.district0.example.com/pub/rhce/testfile
-All users should have the login shell as /bin/false, password not required.
-When this script is called with anyother arguments, it should print the message as �Input File Not
Found�
-When this script is run without any arguments, it should display �Usage: /root/createusers�
Note: If the users are added no need to delete.
22.MaridDB Configuration
Configure a MariaDB on System1 with a database name Contacts.
The Database must be accessible locally only.
The root password must be zaldebro.
Apart from root, only the user Zyuichi must be able to query the Contacts Database.
Zyuichi must be identified by zaldebro.
Restore a database on system1 from the backup file
http://station.district0.example.com/pub/rhce/backup.mdb
23.MariaDB Query
Find the first name of user with password “ecosystem”
Enter current password for root (enter for none): ( if fresh installation means just enter)
Set root password? [Y/n] Y
#vim /root/random
case $@ in
postconf ) echo "Postroll";;
Postroll ) echo "postconf";;
*) echo "/root/random postconf | Postroll";;
esac
18) script 2:
Ans:
#wget http://classroom.example.com/pub/testfile
#vim /root/createusers
a=""
case $@ in
testfile ) for b in `cat testfile`
do
useradd -s /bin/false $b;
done;;
$a ) echo "Usage:/root/createusers";;
* ) echo "Input file Not Found";;
esac
ISCSI Initiator
-The system1 provides an iscsi port(3260).
-connect the disk with system2.district10.example.com and configure filesystem with the following
requirements.
-Create 2040 MB partition on ISCSI block device and assign the filesystem as ext3.
-Mount the volume under /mnt/initiator at the system boot time.
Client :
[root@desktop2 ~]# yum install iscsi-initiator-utils* -y
[root@desktop2 ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-12.com.example.district10:system2
:wq
[root@desktop2 ~]# systemctl restart iscsi iscsid.service
[root@desktop2 ~]# systemctl enable iscsi iscsid.service
ln -s '/usr/lib/systemd/system/iscsid.service' '/etc/systemd/system/multi-
user.target.wants/iscsid.service'
[root@desktop2 ~]# iscsiadm -m discovery -t st -p 172.25.2.11
172.25.2.11:3260,1 iqn.2015-12.com.example.district10:system1
[root@desktop2 ~]# iscsiadm -m node -T iqn.2015-12.com.example.district10:system1 -p
172.25.2.11
[root@desktop2 ~]# iscsiadm -m node -T iqn.2015-12.com.example.district10:system1 -p
172.25.2.11 -l
Logging in to [iface: default, target: iqn.2015-12.com.example.district10:system1, portal:
172.25.2.11,3260] (multiple)
Login to [iface: default, target: iqn.2015-12.com.example.district10:system1, portal:
172.25.2.11,3260] successful.
[root@desktop2 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 3G 0 disk
vda 253:0 0 10G 0 disk
└─vda1 253:1 0 10G 0 part /
vdb 253:16 0 10G 0 disk
3 View comments
JAN
0 Add a comment