INTRO
About this Workshop
- not covered: gui, boot loader
- trying to be as general as possible
- lp1, lp2, lp3 (?)
- here: lpic-1 content: http://www.lpi.org/our-certifications/exam-101-objectives
- opinionated: my linux history
Contents
- history, philosophy and ecosystem
- tools introduction
- workshop
- install debian
- systemd
- apache
- tinc
- elasticsearch, git, vagrant, docker, sql, checkmk, ssl
- redmine, scripting, ssh, compile, partitioning
Previous Contact?
- who has ever restarted a linux os
- who has ever installed software with apt-get
- who has ever used a pipe?
- who has ever read/written a bash script?
What is Linux?
- it's a kernel
- FSF: GNU/Linux
- what is a kernel: device/process controller, drivers
- kernel modules
- some C Library implementation
- everything else
A brief History
- 1969: UNIX is born (written in assembly) and is freely available
- 1973: UNIX is rewritten in C
- 1984: UNIX becomes proprietary
- 1983: GNU Project starts to provide free software alternatives for all UNIX components
- 1987: MINIX is released
- 1991: Linus Torvalds starts working on a more liberally licensed alternative and later, GNU components are adapted to work with it
- mid 90s: adoption by NASA, DELL, IBM and others
Philosophy
- small is beautiful
- everything is a file
- do one thing and do it right
- make every program a filter
- use/write shell scripts
- store data in flat text files
- avoid captive user interfaces
- portability over efficiency (abstraction, licensing)
Strengths
- super clusters
- mobile
- embedded
- server
- command line: minimal UI, so very clear and portable
- fully (mostly) open source
- documentation and capable community
- automation
- see Wikipedia
Weaknesses
- desktop: below 2.5% market share
- lacking hardware support
- few experts
- "product" lifecycle, but support is available
- user interfaces
- no brand identity (linux != linux)
- command line: very different from mouse UIs
Distributions
- what is a distro?
- debian/ubuntu (a.k.a. "the mom")
- redhat (commercial) and centos
- suse (commercial) and openSUSE
- fedora
- arch
- gentoo
- knoppix
- coreos (container-os/linux)
- alpine
LINUX
Types of tty (terminal emulators)
- local login (getty, ALT-1 .. ALT-6)
- remote login (ssh)
- graphical (e.g. gnome-terminal, xterm etc.)
- serial
- nested (tmux, screen)
Documentation
- autocomplete: git st[tab][tab]
- whatis cupsd
- sometimes: --help, -h, help etc.
- man find
- man fstab
- apropos mysql
- man statvfs 5
- man man
- distribution website (e.g. Arch)
- google
sh (shell command language)
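# Convert every JPEG in $WD/jpg to a PNG of at most 320x320 pixels.
WD="/home/schepp/images"
mkdir -p "$WD/png"
for f in "$WD"/jpg/*.jpg; do
    [ -e "$f" ] || continue   # no *.jpg matched: the pattern stays literal
    # "320x320>" only shrinks images that are larger than 320x320
    convert "$f" -resize "320x320>" \
        "$WD/png/$(basename "$f" .jpg).png"
done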
bash
- sh implementation
- broadly available and pre-installed
- rich feature set
- many non-POSIX extensions
- very configurable and scriptable
- most documentation assumes it is used
- slow
dash
- fully POSIX compliant
- lightweight and fast
- broadly available
- no extensions
- common in ubuntu (as /bin/sh target)
zsh
- very programmable (e.g. autocompletion)
- better globbing
- integrates FTP client
- modular design
- most documentation assumes it is used
Configuration (bash)
Configuration files
login shells (getty, ssh, su -)
non login shells (e.g. gnome-terminal)
File system hierarchy
the file system hierarchy standard 2.3
- /bin: essential user command binaries
- /dev: device files
- /etc: host-specific configuration files
- /home: user home directories
- ...
System information tools
(examples)
- cd, pwd, ls
- uname, uptime
- history
- echo
Files
- inspecting
- finding & globbing
- editing
- copying/moving
- deleting
- compression
- synchronization
- linking (hard/soft)
- some commands: ls, find, locate, cp, mv, rm, rmdir, tar, touch, cat, tail, head, grep, diff, ln, type, gzip, rsync, stat
examples
- more commands: cpio, xz, bzip2
Streams
- stdin (and from file)
- stdout (and redirection)
- stderr (and redirection)
- |, redirection
- commands: cat, zcat, cut, head, join, less, gzip, sed, sort, tail, uniq, wc, tee, xargs, mkfifo, nc
(examples)
- more commands: expand, fmt, nl, od, paste, pr, split, tr, unexpand
Editors
- nano: preinstalled, fair amount of features and intuitive
- vi: mostly preinstalled, fair amount of features and not intuitive
- vim: vast feature set, not intuitive
- emacs: vast feature set, not intuitive
- joe: uselessly complicated
- ed: very simple
Simple bash hacking
- exit status, stdin, stderr, stdout
- environment variables: env, export, source, set, unset
- special variables: $!, $?, !!
- loops
- functions, arguments
- sub-shells and "return value"
- examples
Processes
- hierarchy!
- list processes
- start processes
- end processes
- fork() and exec()
- /proc directory
- some commands: ps, top, htop, kill, nohup, screen, netstat, which
- more commands: at, jobs, background, foreground, nice, renice
Filesystems & devices
- /
- mount points
- /proc/partitions
- /proc/mdstat, lvs, vgs, pvs
- lsblk
- /etc/fstab
- backup.dfkg.org
- some commands: mount, dd, fdisk, mkfs.*, lsblk, lsusb, lspci, e2fsck, umount, lvs, vgs, pvs
examples
- more commands: debugfs, tune2fs
Users & permissions
- user and group ids
- file permission bits
- /etc/passwd
- /etc/group
- some commands: id, group, groups, chmod, chown, useradd, userdel, htop, netstat
(examples)
- more commands: umask, usermod, chgrp
Package management
- apt-get install|remove|update|upgrade|dist-upgrade|autoremove
- /etc/apt/sources.list
- /etc/apt/sources.list.d/
- dpkg -l, dpkg -i
- apt-get install -f
- apt-cache search [name]
- http://packages.ubuntu.com
- do-release-upgrade (https://help.ubuntu.com/lts/serverguide/installing-upgrading.html)
Service management
- SysVinit (old, simple):
  /etc/init.d/apache2 restart
- Ubuntu's upstart (recent, event based, limited scope):
  service apache2 restart
- systemd (event based, recent, also handles sockets and tasks; widespread adoption, even Ubuntu switched with 16.04):
  systemctl restart apache2
  journalctl -u apache2 -f
Network stack (overview, level 3)
Network stack
- hostname, /etc/hosts
- network devices, ip link
- arp
- ip address
- ip route
- firewall and /proc/sys/net/ipv4/ip_forward
- dns, /etc/resolv.conf
- vlans
- /etc/network/interfaces, ifup, ifdown (debian)
- some commands: ip, arp, iptables, tcpdump, ping, ifconfig, dig, host, nslookup, netstat, traceroute (multi-hop), nmap
examples
- more commands: mtr, brctl, vlans
HANDS ON
install
- bios, efi, secure boot
- debian installer
- system language
- keyboard language
- kernel + modules
- teaser: mdadm, lvm, cryptsetup
systemd
- aim: provide system and service manager (systemctl, journalctl, namespaces)
- aim: be a software platform (e.g. "fleet")
- aim: expose kernel functionality to applications
- unit types: (general), .service, .timer, (.mount -> /etc/fstab), .target, .socket, .device, .mount, .path, .slice
- /etc/systemd, /lib/systemd, /var/lib/systemd/deb-systemd-helper-enabled
- examples
- documentation
systemd (goals)
- create a long running service (mini-server.sh)
- create a oneshot service (e.g. backup.sh)
- create a periodic timer for it
- add automatic restarting
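The four goals above as unit files, written out by a small shell function. This is an added example, not material from the workshop itself: the script paths under /usr/local/bin, the user name "workshop" and the hardening lines are assumptions.

```sh
#!/bin/sh
# Added example. Assumed: /usr/local/bin/mini-server.sh and backup.sh exist,
# and an unprivileged user "workshop" has been created for the service.
write_units() {
    dir=${1:?usage: write_units DIR}
    mkdir -p "$dir" || return 1
    # Long-running service with automatic restarting.
    cat > "$dir/mini-server.service" <<'EOF'
[Unit]
Description=Workshop mini server

[Service]
Type=simple
ExecStart=/usr/local/bin/mini-server.sh
Restart=on-failure
RestartSec=5
User=workshop
NoNewPrivileges=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF
    # Oneshot service: runs to completion; started by the timer, so no [Install].
    cat > "$dir/backup.service" <<'EOF'
[Unit]
Description=Workshop backup job

[Service]
Type=oneshot
ExecStart=/usr/local/bin/backup.sh
EOF
    # Periodic timer; activates the unit with the same base name (backup.service).
    cat > "$dir/backup.timer" <<'EOF'
[Unit]
Description=Run backup.service daily

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target
EOF
}
```

To install for real, run write_units /etc/systemd/system as root, then systemctl daemon-reload and systemctl enable --now mini-server.service backup.timer. journalctl -u mini-server -f shows the restarts when the script is killed.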
apache
- what is a HTTP request?
- what does a response look like?
- status codes
- very stable http server
- many modules (php, ruby, saml, ldap, caching, ...)
- good at serving from the file system and handling permissions
- ok at proxying requests
- directives: virtualhost, directory, location
- examples
- documentation
apache (goals)
- set up a simple static virtualhost
- deny access to a path segment
- add basic auth to a path segment
- manipulate headers (add access-control-allow-origin)
- set up logging
- set up a wordpress
- redirect from/to the wordpress (tmp, perm)
- (add automated backup for the wordpress install)
- examples
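A single virtual host covering the static site, path denial, basic auth, header, logging and redirect goals above, written out by a shell function. This is an added example, not the workshop's own configuration: the host name, document root, path segments and htpasswd location are placeholders.

```sh
#!/bin/sh
# Added example. Assumed names: workshop.example, /var/www/workshop,
# /private, /admin, /old-blog, /wp, /blog and the htpasswd path are placeholders.
write_vhost() {
    out=${1:?usage: write_vhost FILE}
    # Quoted 'EOF': ${APACHE_LOG_DIR} must reach Apache unexpanded.
    cat > "$out" <<'EOF'
<VirtualHost *:80>
    ServerName workshop.example
    DocumentRoot /var/www/workshop

    <Directory /var/www/workshop>
        Options -Indexes
        Require all granted
    </Directory>

    # Deny access to a path segment.
    <Location "/private">
        Require all denied
    </Location>

    # Basic auth on a path segment. Credentials are only base64-encoded,
    # so serve this over TLS outside the lab.
    <Location "/admin">
        AuthType Basic
        AuthName "Workshop admin"
        AuthUserFile /etc/apache2/workshop.htpasswd
        Require valid-user
    </Location>

    # Needs mod_headers (a2enmod headers). Name one origin rather than "*".
    Header set Access-Control-Allow-Origin "https://app.workshop.example"

    # Temporary (302) and permanent (301) redirects.
    Redirect temp /old-blog /blog
    Redirect permanent /wp /blog

    ErrorLog ${APACHE_LOG_DIR}/workshop_error.log
    CustomLog ${APACHE_LOG_DIR}/workshop_access.log combined
</VirtualHost>
EOF
}
```

On Debian, write the file to /etc/apache2/sites-available/workshop.conf, create the password file with htpasswd -c, then run a2ensite workshop, apachectl configtest and systemctl reload apache2.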
tinc
- data transfer without security considerations
- e.g. transport for Idm
- monitoring
- failover
- tinc: fast, easy to configure, pluggable crypto algorithms, compression, self healing
tinc (goals)
- set up vpn across all vms (-> backup.dfkg.org)
- /var/log/tinc.graph
- ping, traceroute, netcat around
- install, start and enable iperf (as a systemd unit)
- iperf around
- ip forwarding
- iptables
- examples
- documentation