RHEL 7 Administration Notes

Red Hat Enterprise Linux 7 (RHEL 7) provides many administration enhancements and quite a few changes to the commands used to manage the system. Here are some notes for a few basic tasks.

User Management

Adding a user with sudo privileges. Remember “visudo” to review which users and groups are listed with “sudo” rights. Replace “jsmith” with a real username.

Add and Enable User Account

  • useradd -G wheel jsmith
    • add user and group jsmith with membership in wheel group for sudo
  • passwd jsmith # set the initial password for user
  • chage -d 0 jsmith # require password change on first login
  • chage -l jsmith # view password age status (change required, etc)

Disable User Account

  • usermod -L -e 1 jsmith # lock the account and set expiration date in past
  • chage -l jsmith # View Account expires date (Jan 02, 1970 for disabled user)
  • passwd -S jsmith # View Password locked status (LK, Password locked, for disabled user)

Service Management

Here’s an example of service management for the NTP (chrony) package.

  • timedatectl set-timezone UTC # configure the preferred server time zone
  • timedatectl # verify new timezone UTC is set for local-time
  • yum install chrony
  • systemctl start chronyd # Start Service Right Now
  • systemctl enable chronyd # Start Service During System Boot
  • systemctl status chronyd # show status of clock sync service “chrony”
  • chronyc sources # show clock synchronization sources
  • date # show current system date and time

Firewall Management

The RHEL 7 firewall is typically managed using the new firewall-cmd command. This provides a more friendly and persistent way to control the underlying iptables kernel feature. Here is an example for installing Apache HTTPD and opening TCP ports 80 and 443 with firewall-cmd.

  • yum install httpd # Install Apache HTTPD Web Server
  • yum install mod_ssl # add httpd ssl feature
    • # NOTE: Certificates are stored under /etc/pki/tls/* by default
    • # NOTE: HTTPD SSL Configuration is stored in /etc/httpd/conf.d/ssl.conf by default
  • systemctl start httpd # start web-server right now
  • systemctl enable httpd # start web-server on system boot
  • systemctl status httpd # view service status
  • firewall-cmd –add-service=http –permanent # Open TCP port 80
  • firewall-cmd –add-service=https –permanent # Open TCP port 443
  • firewall-cmd –reload # make permanent firewall rules active
  • firewall-cmd –permanent –list-all # show permanent (saved) firewall rules
  • firewall-cmd –list-all # show active (runtime) firewall rules

Network Configuration

RHEL 7 provides powerful command-line tools to manage network connections: nmtui and nmcli. Use nmtui (the Text User Interface) for simple menu-driven network device configuration. The most common tasks will include configuring static IP(s), DNS settings, adding default route(s), etc. These new default network commands have been introduced in RHEL 7 as part of continued enhancements to the default “Network Manager” that was lacking command-line server support in RHEL 6. For more details, see the official RHEL 7 Networking Guide Part I. IP Networking (search for nmtui or nmcli).

Database Management

RHEL 7 ships with the Mariadb package as a community-preferred substitute for the classic “MySQL” database server. The end-user commands are still the same, the main change is the package and service name.

  • yum install mariadb-server
  • systemctl start mariadb # start service
  • systemctl enable mariadb # enable start-on-boot
  • systemctl status mariadb
  • # NOTE: Database file path is /var/lib/mysql
  • # NOTE: Database log path is /var/log/mariadb
  • mysql_secure_installation
    • Set root pw, remove anonymous users, remove test db, reload privilege tables
  • # Configure .my.cnf files for ~root or other users. Allows auto-login for MySQL maintenance scripts etc.
  • # Example setup for application database and single-database app user
    • CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypw';
    • CREATE USER 'myuser'@'' IDENTIFIED BY 'mypw';
    • CREATE USER 'myuser'@'::1' IDENTIFIED BY 'mypw';
    • GRANT ALL ON mydb.* TO 'myuser'@'localhost';
    • GRANT ALL ON mydb.* TO 'myuser'@'';
    • GRANT ALL ON mydb.* TO 'myuser'@'::1';

Apache Tomcat Java Application Server Management

Red Hat provides supported packages for the Oracle Java JDK and Apache Tomcat – if you use the provided packages, you will receive automatic security updates every time you run “yum update”. These security updates are a primary benefit for Red Hat customers … so USE THE PROVIDED Java and Tomcat packages!!

If you’re using Apache HTTPD as your front-end web-server, then it will handle secure (SSL/TLS) requests for Tomcat. To optimize the connection between Apache HTTPD and Tomcat, I recommend using the built-in APR HTTPD Connector commonly known as mod_proxy_ajp.

  • yum install java-1.7.0-oracle-devel
  • yum install tomcat
  • systemctl start tomcat
  • systemctl enable tomcat # enable start-on-boot
  • systemctl status tomcat
  • See Apache Tomcat in RHEL 7 for default tomcat folders and config file locations

To connect Apache HTTPD to Tomcat using AJP, add the following to your /etc/httpd/conf.d/ssl.conf file

<VirtualHost _default_:443>
  # ... other config items ...
  ProxyPass /YourApp ajp://localhost:8009/YourApp
  ProxyPassReverse /YourApp ajp://localhost:8009/YourApp
  # ... other config items ...

If you would like to redirect requests for the root of your HTTP site on port 80 to the root of your secure site on port 443, try adding something like the following to your /etc/httpd/conf/httpd.conf file.

<VirtualHost _default_:80>
  # ... other config items ...
  RedirectMatch ^/$ https://YourHost.YourDomain.Com/YourApp
  # ... other config items ...

Activate your HTTPD configuration changes with commands like the following

  • apachectl configtest
  • systemctl reload httpd

No time for any more today. Thanks for reading!

Scheduled Reboot (Systemd Shutdownd)

One of the convenient additions in RHEL 7 with systemd is the new shutdownd feature. This makes it very easy to schedule a reboot of your system. I used to do this with a combination of atd and the shutdown command. Now systemd handles the scheduling without atd making scheduled reboot a supported system feature with a single command. Here are some examples:

  • shutdown -r 02:00 # schedule reboot for 2am
  • shutdown -r +30 # schedule a reboot for 30 minutes from “now”
  • systemctl status systemd-shutdownd # view any scheduled reboot (shutdown) operations
    • Look for output similar to “Shutting down at […] (reboot)”
  • shutdown -c # cancel the scheduled shutdown/reboot operation if desired

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Linux, System Administration and tagged . Bookmark the permalink.

2 Responses to RHEL 7 Administration Notes

  1. Pingback: VNC on CentOS and RHEL 7 | Notes by Tom

  2. Pingback: Tomcat Multiple Instances RHEL 7 CentOS 7 | Notes by Tom

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s