About this Workshop

• not covered: gui, boot loader
• trying to be as general as possible
• lp1, lp2, lp3 (?)
• here: lpic-1 content: http://www.lpi.org/our-certifications/exam-101-objectives
• opinionated: my linux history

Contents

• history, philosophy and ecosystem
• tools introduction
• workshop
  • install debian
  • systemd
  • apache
  • tinc
  • elasticsearch, git, vagrant, docker, sql, checkmk, ssl
  • redmine, scripting, ssh, compile, partitioning

Previous Contact?

• who has ever restarted a linux os
• who has ever installed software with apt-get
• who has ever used a pipe?
• who has ever read/written a bash script?

What is Linux?

• its a kernel
• FSF: GNU/Linux
• what is a kernel: device/process controller, drivers
• kernel modules
• some C Library implementation
• everything else

A brief History

• 1969: UNIX is born (written in assembly) and is freely available
• 1973: UNIX is rewritten in C
• 1984: UNIX becomes proprietary
• 1983: GNU Project starts to provide free software alternatives for all UNIX components
• 1987: MINIX is released
• 1991: Linus Torvalds starts working on a more liberally licensed alternative and later, GNU components are adapted to work with it
• mid 90s: adoption by NASA, DELL, IBM and others

Philosophy

• small is beautiful
• everything is a file
• do one thing and do it right
• make every program a filter
• use/write shell scripts
• store data in flat text files
• avoid captive user interfaces
• portability over efficiency (abstraction, licensing)

Strengths

• super clusters
• mobile
• embedded
• server
• command line: minimal UI, so very clear and portable
• fully (mostly) open source
• documentation and capable community
• automation
• see Wikipedia

Weaknesses

• desktop: below 2.5% market share
• lacking hardware support
• few experts
• "product" lifecycle, but support is available
• user interfaces
• no brand identity (linux != linux)
• command line: very different from mouse UIs

Distributions

• what is a distro?
• debian/ubuntu (a.k.a. "the mom")
• redhat (commercial) and centos
• suse (commercial) and openSUSE
• fedora
• arch
• gentoo
• knoppix
• coreos (container-os/linux)
• alpine

Types of tty (terminal emulators)

• local login (getty, ALT-1 .. ALT-6)
• remote login (ssh)
• graphical (e.g. gnome-terminal, xterm etc.)
• serial
• nested (tmux, screen)

Documentation

• autocomplete: git st[tab][tab]
• whatis cupsd
• sometimes: --help, -h, help etc.
• man find
• man fstab
• apropos mysql
• man statvfs 5
• man man
• distribution website (e.g. Arch)
• google

Basic operation

• login
• root, sudo
• reboot: shutdown -r now
• shutdown: shutdown -h now
• systemd targets: systemctl

  systemctl isolate graphical.target
  ls -la /usr/lib/systemd/system/*.target
              

  mapping to runlevels

sh (shell command language)

• its not a shell
• its a POSIX standard

WD="/home/schepp/images"
mkdir -p $WD/png
for f in $WD/jpg/*.jpg; do
  convert $f \
    -format png -resize "320x320>" \
    $WD/png/
done

bash

• sh implementation
• broadly available and pre-installed
• rich feature set
• many non-POSIX extensions
• very configurable and scriptable
• most documentation assumes it is used
• slow

dash

• fully POSIX compliant
• lightweight and fast
• broadly available
• no extensions
• common in ubuntu (as /bin/sh target)

zsh

• very programmable (e.g. autocompletion)
• better globbing
• integrates FTP client
• modular design
• most documentation assumes it is used

Configuration (bash)

login shells (getty, ssh, su -)

• /etc/profile
• ~/.profile

non login shells (e.g. gnome-terminal)

• /etc/bashrc
• ~/.bashrc

File system hierarchy

• /bin: essential user command binaries
• /dev: device files
• /etc: host-specific configuration files
• /home: user home directories
• ...

System information tools (examples)

• cd, pwd, ls
• uname, uptime
• history
• echo

Files

• inspecting
• finding & globbing
• editing
• copying/moving
• deleting
• compression
• synchronization
• linking (hard/soft)
• some commands: ls, find, locate, cp, mv, rm, rmdir, tar, touch, cat, tail, head, grep, diff, ln, type, gzip, rsync, stat examples
• more commands: cpio, xz, bzip2

Streams

• stdin (and from file)
• stdout (and redirection)
• sterr (and redirection)
• |, redirection
• commands: cat, zcat, cut, head, join, less, gzip, sed, sort, tail, uniq, wc, tee, xargs, mkfifo, nc, xargs, sed (examples)
• more commands: expand, fmt, nl, od, paste, pr, split, tr, unexpand

Editors

• nano: preinstalled, fair amount of features and intuitive
• vi: mostly preinstalled, fair amount of features and not intuitive
• vim: vast feature set, not intuitive
• emacs: vast feature set, not intuitive
• joe: uselessly complicated
• ed: very simple

Simple bash hacking

• exit status, stdin, stderr, stdout
• environment variables: env, export, source, set, unset
• special variables: $!, $?, !!
• loops
• functions, arguments
• sub-shells and "return value"
• examples

Processes

• hierarchy!
• list processes
• start processes
• end processes
• fork() and exec()
• /proc directory
• some commands: ps, top, htop, kill, nohup, screen, netstat, which
• more commands: at, jobs, background, foreground, nice, renice

Filesystems & devices

• /
• mount points
• /proc/partitions
• /proc/mdstat, lvs, vgs, pvs
• lsblk
• /etc/fstab
• backup.dfkg.org
• some commands: mount, dd, fdisk, mkfs.*, lsblk, lsusb, lspci, e2fsck, umount, lvs, vgs, pvs examples
• more commands: debugfs, tune2fs

Users & permissions

• user and group ids
• file permission bits
• /etc/passwd
• /etc/group
• some commands: id, group, groups, chmod, chown, useradd, userdel, htop, netstat (examples)
• more commands: umask, usermod, chgrp

Package management

• apt-get install|remove|update|upgrade|dist-upgrade|autoremove
• /etc/apt/sources.list
• /etc/apt/sources.list.d/
• dpkg -l, dpkg -i
• apt-get install -f
• apt-cache search [name]
• http://packages.ubuntu.com
• do-release-upgrade (https://help.ubuntu.com/lts/serverguide/installing-upgrading.html)

Service management

• SysVinit (old, simple), /etc/init.d/apache2 restart
• Ubuntu's upstart (recent, event based, limited scope), service apache2 restart
• systemd (event based, recent, also handles sockets, tasks, wide spread adoption even ubuntu switched with 16.04) systemctl restart apache2 journalctl -u apache2 -f

Network stack (overview, level 3)

Network stack

• hostname, /etc/hosts
• network devices, ip link
• arp
• ip address
• ip route
• firewall and /proc/sys/net/ipv4/ip_forward
• dns, /etc/resolv.conf
• vlans
• /etc/network/interfaces, ifup, ifdown (debian)
• some commands: ip, arp, iptables, tcpdump, ping, arp, ifconfig dig, host, nslookup, netstat, traceroute (multi-hop), nmap examples
• more commands: mtr, brctl, vlans

install

• bios, efi, secure boot
• debian installer
• system language
• keyboard language
• kernel + modules
• teaser: mdadm, lvm, cryptsetup

systemd

• aim: provide system and service manager (systemctl, journalctl, namespaces)
• aim: be a software platform (e.g. "fleet")
• aim: expose kernel functionality to applications
• unit types: (general), .service, .timer, (.mount -> /etc/fstab), .target, .socket, .device, .mount, .path, .slice
• /etc/systemd, /lib/systemd, /var/lib/systemd/deb-systemd-helper-enabled
• examples
• documentation

systemd (goals)

• create a long running service (mini-server.sh)
• create a oneshot service (e.g. backup.sh)
• create a periodic timer for it
• add automatic restarting

apache

• what is a HTTP request?
• how does a response look like?
• status codes
• very stable http server
• many modules (php, ruby, saml, ldap, caching, ...)
• good at serving from the file system and handling permisssions
• ok at proxying requests
• directives: virtualhost, directory, location
• examples
• documentation

apache (goals)

• setup a simple static virtualhost
• deny access to a path segment
• add basic auth to a path segment
• manipulate headers (add access-control-allow-origin)
• setup loging
• setup a wordpress
• redirect from/to the wordpress (tmp, perm)
• (add automated backup for the wordpress install)
• examples

tinc

• data transfer without security considerations
• e.g. transport for Idm
• monitoring
• failover
• tinc: fast, easy to configure, pluggable crypto algorithms, compression, self healing

tinc (goals)

• setup vpn across all vms (-> backup.dfkg.org)
• /var/log/tinc.graph
• ping, traceroute, netcat around
• install, start and enable iperf (as a systemd unit)
• iperf around
• ip forwarding
• iptables
• examples
• documentation