(LFCS) 6. Storage Management - 13%

Linux Foundation Certified System Administrator (LFCS)

1. Essential Commands - 25% 2. Operation of Running Systems - 20% 3. User and Group Management - 10%
4. Networking - 12%
5. Service Configuration - 20%
6. Storage Management - 13% 6.1 List, create, delete, and modify physical storage partitions
6.2 Manage and configure LVM storage
6.3 Create and configure encrypted storage
6.4 Configure systems to mount file systems at or during boot
6.5 Configure and manage swap space
6.6 Create and manage RAID devices
6.7 Configure systems to mount file systems on demand
6.8 Create, manage and diagnose advanced file system permissions
6.9 Setup user and group disk quotas for filesystems
6.10 Create and configure file systems

6.1 List, create, delete, and modify physical storage partitions

lsblk lists all available disk devices plus available partitions
fdisk it is used to manage disk partition in MBR modality

E.g. fdisk /dev/sdaThis will open an interactive menu that will permit to show current status of partitions or create a delete new partitions

gdisk it is used to manage disk partition in GPT modality

E.g. gdisk /dev/sda

Destroy all MBR partition on a disk

gdisk /dev/sda -> x (expert) -> z (zap)

Convert MBT to GPT

gdisk /dev/sda -> W -> Y

6.2 Manage and configure LVM storage

Before create a Logical Volume must be created in sequence a physical volume and after a volume group
A physical volume is a partition that can be part of volume group. Inside a volume group can be created logical volume
The advance of logical volume is that their dimension can be managed easly
If more space is need a volume group can be extended as well

Physical Volume

pvcreate /dev/sdb1To create a physical volume with partition sbd1
pvs lists available physical volumes
pvdisplay /dev/sdb1 shows info of a physical volume

Volume Group

vgcreate vgname /dev/sdb1To create a volume group called vgname and add the sdb1 physical volume to it
vgs lists available volume groups
vgdisplay vgname shows info of a volume group
vgextend vgname /dev/sdc3 extends a volume group adding a new physical volume /dev/sdc3

Logical volume

lvcreate -n volumename -L 10G vgnameTo create a logical volume called volumename of size 10GB on volume group vgname
lvcreate -n volumename -l 100%FREE vgnameTo create a logical volume called volumename with all available space on volume group vgname
lvs list available logical volumes
lvdisplay shows info of all logical volumes
lvdisplay vgname/volumename shows info of a logical volume volumename contained in vgname volume group
Before use a logical volume, a file system must be created on it
blkid /dev/vgname/volumename shows the UUID of a formatted volume group
lvextend -L +1G -r vgname/volumename extends the logical volume volumename of one giga

-r is used to resize file system

lvreduce -L -1G -r vgname/volumename reduce the logical volume volumename of one giga

6.3 Create and configure encrypted storage

To use encrypted storage a kernel module must be loaded

sudo modprobe dm_crypt Loads kernel module dm_crypt
echo dm_crypt >> /etc/modules-load.d/dm_crypt.conf to load dm_crypt module automatically when system will be restarted
lsmod lists all loaded kernel modules

yum -y install cryptsetup install software used to manage encrypted storage

Encrypt

cryptsetup luksFormat /dev/vgname/volumename encrypts a logical volume volumename contained in vgname volume group

A password must be provided
When confirmation will be required insert a capital YES
NOTE: this command can be used with physical volume as well

cryptsetup open --type luks /dev/vgname/volumename namenewdeviceIt open encrypted volume and associate it to a new device called namenewdevice

Password must be provided

mkfs.ext4 /dev/mapper/namenewdeviceIt creates a file system in namenewdeviceNow new the new device can be mounted

Close device

Unmount device
cryptsetup close namenewdeviceclose namenewdevice

Automount

echo "passwd" >> /root/key Insert a string that will be used that will be used as authentication key to open device
chmod 400 /root/key reduces permission on key file
cryptsetup luksAddKey /dev/mapper/namenewdevice /root/key add key to encrypted device called namenewdevice
Edit /etc/crypttab and add below row:

namenewdevice /dev/vgname/volumename /root/key

Add below row to /etc/fstab

/dev/mapper/namenewdevice /mnt/mountpoint ext4 defaults 0 0

Reboot system or reload system manager

systemctl daemon-reload

The new encrypted volume will be mounted on /mnt/mountpoint

6.4 Configure systems to mount file systems at or during boot

Edit /etc/fstab adding a row similar to:

/dev/sdb1 /mnt/mountpoint ext4 defaults 0 0

Mount device sdb1 to mountpoint.
Device is formatted using ext4 filesystem.
Default mount options are used
0 0 -> Dump (bkp) and fsck.

First 0 means no backup required
Second 0 means no fsck required in case of not correct umount. To enable fsck insert 2 because number indicate the check order, and 1 is given to operating system disk and two do data disks

mount shows mounted volumes
mount -a reloads /etc/fstab
mount -t type -o options device dir

It mounts a device formatted with file system type on directory dir using a list of options
options can be:

async -> I/O asincrono
auto -> Can be mounted using mount -a
default ->Equal to this list of options: async,auto,dev,exec,nouser,rw,suid
loop -> To mount an ISO image
noexec -> no exec
nouser -> A user cannot mount this volume
remount -> Mount volume also if it is already mounted
ro -> Read only
rw -> Read an write
relatime -> Modify file access time (atime) if file is changed or one time a day. Alternative, to reduce disk traffic, noatime can be used. This is useful with SSD to avoid not useful write.

SMB protocol

yum -y install samba-client cifs-utils it installs software need to manage CIFS/SMB protocol
smbclient -L targetIPIt lists all SMB shared directory available on a target IP

root password must be provided

mount -t cifs -o username=smbuser,password=1234pwd //192.168.0.10/share /media/sambaIt mounts a directory share, shared by server 192.168.0.10 on samba directory. User and password to authentication are provided
Permanent configuration

echo "username=smbuser" >> /media/smb/.smbconf
echo "password=1234pwd" >> /media/smb/.smbconf
chmod 600 /media/smb/.smbconf
In /etc/fstab insert:

//192.168.0.10/share /media/samba cifs credentials=/media/samba/.smbcredentials,defaults 0 0

NFS protocol

yum -y install nfs-utils it install software to manage NFS protocol
showmount -e targetIPIt lists all NFS shared directory available on a target IP
mount -t nfs -o defaults 192.168.0.10:/srv/nfs /media/nfsIt mounts a directory nfs, shared by server 192.168.0.10 on nfs directory
Permanent configuration

In /etc/fstab insert:

192.168.0.10:/srv/nfs /media/nfs nfs defaults 0 0

To user NFSv3 insert:

192.168.0.10:/srv/nfs /media/nfs nfs defaults,vers=3 0 0

6.5 Configure and manage swap space

To use a device as swap space:

mkswap /dev/sdb3
swapon -v /deb/sdb3
In /etc/fstab insert:

/dev/sdb3 swap swap defaults 0 0

6.6 Create and manage RAID devices

Concepts:

Parity disk. It is used to provide fault tolerance.
The spare device. It not take part of RAID and it is used only in case of a disk fault. In this case spare enter in the RAID and the content of lost disk is reconstructed and saved on it.
yum -y install mdadm installs software to manage RAID devices
RAID 0 - Striped - No spare

mdadm --create --verbose /dev/md0 --level=stripe --raid-devices=2 /dev/sdb1 /dev/sdc1

RAID 1 - Mirror

mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdc1

RAID 5 - (1 parity + 1 spare)

mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --spare-devices=1 /dev/sde1

RAID 6 - (2 parity + 1 spare)

mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde --spare-devices=1 /dev/sdf1

RAID 10 - (Stripe + Mirror + 1 spare)

mdadm --create --verbose /dev/md0 --level=10 --raid-devices=4 /dev/sd[b-e]1 --spare-devices=1 /dev/sdf1

mdadm --detail /dev/md0 shows status of RAID device
To use device md0, format it and use as a classical device

Monitoring RAID devices

mdadm --assemble --scan
mdadm --detail --scan >> /etc/mdadm.conf
echo "MAILADDR root" >> /etc/mdadm.conf
systemctl start mdmonitor
systemctl enable mdmonitor

Add disk

mdadm /dev/md0 --add /dev/sbc2
mdadm --grow --raid-devices=4 /dev/md0It adds a spare disk and after it grows array

Remove disk

mdadm /dev/md0 --fail /dev/sdc1 --remove /dev/sdc1mdadm --grow /dev/md0 --raid-devices=2It mark disk as failed and remove it. After the size of array must be adjusted

Delete RAID

Unmount device
mdadm --stop /dev/md0
mdadm --zero-superblock /dev/sbc2 It clean partition that, after, can be reused

References:

https://raid.wiki.kernel.org/index.php/A_guide_to_mdadm

6.7 Configure systems to mount file systems on demand

yum -y install autofs installs software need to manage automount

Automount NFS directory

Edit /etc/auto.master and insert:

/media /etc/nfs.misc --timeout=60

Edit /etc/nfs.misc and insert:

nfs -fstype=nfs 192.168.0.10:/srv/nfs

systemctl start autofs

6.8 Create, manage and diagnose advanced file system permissions

ACL Access control list

They must be supported by filesystem
With some old filesystem a mount option (e.g. acl) must be provided to enable ACL
getfacl file shows ACL applied to a file
setfacl -R -m g:sales:rx file set ACL on file

-R recursive, if file is a directory, ACL will be applied to all file inside it
-m modify
g:sales:rx group sales can read and execute

g group
u user
o other

setfacl -m u:dummy:- file remove all permissions of user dummy.
setfacl -m d:g:sales:rx directory set a default ACL to a directory. In this way all files created inside it will have same ACL as defaultThe default ACL is a specific type of permission assigned to a directory, that doesn’t change the permissions of the directory itself, but makes so that specified ACLs are set by default on all the files created inside of it
If an ACL is applied, when ls -la is executed an + is inserted after other permissions
setfacl -x u:test:w test remove ACL
setfacl -b file removes all ACL

Extended attributes

They are file properties
With some old filesystem a mount option (e.g. user_xattr) must be provided to enable extended attributes
Only root user can remove an attribute
chattr +i file add immutable attribute to a file. It cannot be deleted or removed
chattr -i file remove immutable attribute from a file.
lsattr file shows file's extended attributes

6.9 Setup user and group disk quotas for filesystems

Quota: space that can be used by an user on one specific filesystem

NOTE: To limit space in a directory it is better create a specific mount point with a specific partition

yum -y install quota installs software need to manage quota
usrquota,grpquota mount options must be inserted for filesystem to which enable quota (e.g. editing /etc/fstab)
After that options are inserted, remount partition to enable them
After remount execute quotacheck -mavug that check used blocks and inserted them in a tracking file

Two files will be created:

aquota.group
aquota.user

quotaon -a start quota system

Alternative:
quotaon -vu /mnt/mountpoint it starts only quota user for specific mountpoint
quotaon -vg /mnt/mountpoint it starts only quota group for specific mountpoint

quota -vu user shows user's quota
The quota is specified in blocks of 1K size and in number of inode that is the number of files that can be created
Hard limit: maxim value allowed
Soft limit: a limit that can be exceeded for a grace period. Default grace period is a week
When grace period is reached, soft limit become and hard limit
edquota -t Edit the grace period. Is an unique value for all system
edquota -u user edit user's quota

In each column can be insert a value for soft and hard limit for blocks and inode
NOTE: Normally soft and hard limits are configured equal to avoid confusion

repquota -aug It shows an overview of current quota for each users

6.10 Create and configure file systems

mkfs.ext4 /dev/sdb1 creates an filesystem ext4 on sdb1 partition
fsck.ext4 /dev/sdb1 checks the integrity of sdb1 filesystem