Oracle Linux Cookbook

By: Erik Benner, Erik B. Thomsen, Jonathan Spindel

Overview of this book

Discover the power of Oracle Linux 8, the free and enterprise-grade Linux distribution designed for use in any environment, with this recipe-style book. Starting with instructions on how to obtain Oracle Linux for both X86 and ARM-based platforms, this book walks you through various installation methods, from running it as a Windows service to installing it on a Raspberry Pi. It unravels advanced topics such as system upgrades using Leapp for major version transitions and using a PXE server and kickstart files for more advanced installations. The book then delves into swapping kernels to take advantage of Oracle’s UEK, exploring boot options, managing software with DNF, and achieving high availability. Detailed recipes involving security topics will assist with tasks such as data encryption, both at rest and in motion. For developers, it offers guidance on building RPM files, using Docker and Podman in a containerized environment, working with AppStreams, and more. For large-scale deployments, the book introduces Oracle Linux Automation Manager for enterprise-level Ansible utilization, from setting up the Ansible server to basic playbook writing. Finally, you’ll discover strategies for cloud migration. By the end of this book, you’ll possess a comprehensive toolkit that will elevate your skills as a Linux administrator.

Appendix – kickstart options

The following table covers the most popular options that control the installation and their syntax:

Option Name

authselect

Description

It configures the authentication options for the system using the authselect command. authselect options are the same as the authselect command. They are passed directly to the command.

Options

See the authselect command.

Option Name

autostep

Description

This option is not recommended for production use. It is more of a troubleshooting command that makes the installer step through every screen, displaying them for a short amount of time.

Options

--autoscreenshot will take an automated screenshot of every install screen. The images are stored in /tmp/anaconda-screenshots/ during the installation and then moved over to /root/anaconda-screenshots when the installation completes. This is helpful for troubleshooting because if you missed a required kickstart option and the installation does not automatically run, you will be at the screen with missing data, and can manually enter the missing configuration data. Then, when you click to continue, the screen is automatically captured with the data you manually entered.

Option Name

cmdline

Description

When used, the install runs in a non-interactive command-line mode. Any prompt from Anaconda for input stops the installation. Make sure to test with the autostep option first.

Options

None

Option Name

eula

Description

If used, the --agreed option is required. This option allows you to automatically accept the End User License Agreement (EULA). When this option is used, the installer will not prompt for acceptance of the EULA on the first reboot of the system. This is very useful for environments that use a PXE boot as part of the auto-scaling strategy.

Options

--agreed forces the EULA to be accepted and must be used. If the option is not used, the EULA parameter is ignored.

Option Name

firewall

Description

This configures the firewall on the installed system.

Options

  • --enabled or --enable is required. It enables or disables the firewall.
  • --disabled or --disable is required. If disabled, iptables rules are not configured.
  • --trust sets a trusted network device, allowing all traffic to pass through the firewall. To configure multiple devices, list each one as its own entry with no commas, such as --trust eth0 --trust eth8.
  • --incoming adds each of the following tags to allow incoming traffic for these common services:
    • ssh
    • smtp
    • http
    • ftp
  • --port= specifies a specific port to allow access to the server. You can use ports from /etc/services for specific port:protocol combinations. Multiple ports are comma delimited. An example is ldap:tcp, 1521:tcp.
  • --service= allows an easy way to enable specific services, such as CUPS, or services that require multiple UDP/TCP ports to be opened. This enables an easy way to open these ports in a readable format.
  • --use-system-defaults does not configure the firewall. If other options are specified, they are ignored.

Option Name

firstboot

Description

This option can disable the running of the setup application when the system boots. If enabled, make sure you have initial-setup.rpm (initial-setup-gui.rpm if a GUI is required) installed. This option is disabled by default.

Options

  • --enable or --enabled starts the setup the first time the system boots.
  • --disable or --disabled does not start the setup the first time the system boots.
  • --reconfig enables the setup to start at boot time in reconfiguration mode. This enables the networking configuration, root password, time zone, language, mouse, and keyboard options to be set in addition to the default options.

Option Name

graphical

Description

The graphical command is the default, if not set. The installation continues with a fully graphical install.

Options

--non-interactive performs the installation in a completely non-interactive mode. This mode will terminate the installation when user interaction is required.

Option Name

group

Description

This option creates a user group on the system.

Options

  • --name= is required and sets the name of the group.
  • --gid= is an optional parameter and will set the GID of the group.

Option Name

halt

Description

If used, the system will halt after the installation is completed. This is the default completion method if no other method is set. Other completion methods are poweroff, reboot, and shutdown.

Options

None

Option Name

logging

Description

This is useful for troubleshooting PXE installs. It controls the logging from the installer during the installation. It does not configure logging on the system being installed.

Options

  • --host= is the syslog host logs are sent to.
  • --port= is the port used for syslog on the remote syslog host. If not set, the default port (UDP 514) is used.
  • --level= specifies the minimum level of messages sent to device tty3. Regardless of this level, all messages are still sent to the log host and file. Valid values are critical, debug, error, info, and warning.

Syntax

logging [--host=host] [--port=port] [--level=critical|debug|error|info|warning]

Option Name

poweroff

Description

When used, a shutdown and power-off are performed on the system after the installation completes.

Options

None

Option Name

reboot

Description

It reboots the system after the install completes.

Options

--eject ejects bootable media (DVD, USB, etc.) before rebooting the system.

Option Name

repo

Description

Enables additional DNF/YUM repos as installation sources. Each repo will need its own line.

Options

  • --name= is required and sets both the repo name and URL. If a name conflicts with an existing repo, it will be ignored. The format is --name=repoid [--baseurl=url|--mirrorlist=url|--metalink=url] [options]. The following additional options can be added to the URL. As a warning, variables that can be used in yum repository config files are not supported. However, you can use $releasever and $basearch:
    • --baseurl: This is the URL of the repo
    • --mirrorlist: This is a list of mirrors for a repo
    • --metalink: This is the URL with metalink for the repo
  • --proxy=[protocol://][username[:password]@]host[:port] sets the proxy for the repo.
  • --noverifyssl disables SSL verification of an HTTPS server.

Option Name

selinux

Description

Used to configure the initial policy and state of SELinux. The default policy is enforcing.

Options

  • --enforcing enables SELinux with the policy set to enforcing. This is the default setting.
  • --permissive enables SELinux with the policy set to permissive. This allows warnings to be output to the console or syslog without enforcing the policy.
  • --disabled disables SELinux.

Option Name

shutdown

Description

Runs the shutdown command on the system after the installation has completed.

Options

None

Option Name

sshkey

Description

This adds an SSH key to the authorized keys files for the specified user.

Options

--username is mandatory. It is used with the following syntax:

sshkey --username=user KEY

Option Name

text

Description

When used, the installation runs in text mode. By default, the installer runs the GUI install method. Only one of the text/graphical options can be used.

Options

--non-interactive does the install in a non-interactive mode. If a user action is required, the mode will terminate the install.

Option Name

url

Description

When used, it will use the URL specified for the install files from an ISO. URLs can be formatted for FTP, HTTP, or HTTPS.

Options

  • --url is required. This is the URL used for the source files. An example of the syntax is as follows:

    http://server/directory
    ftp://username:password@server/path

  • --mirrorlist is an optional parameter that sets the mirror URL to install from.
  • --proxy is an optional parameter that sets a proxy to use while performing the install from an HTTP/HTTPS or FTP server.
  • --noverifyssl is an optional parameter that disables SSL verification when using an HTTPS server.
  • --metalink is an optional parameter that sets the ULN/metalink URL to install from. Variable substitution is done for $releasever and $basearch.

Option Name

user

Description

Creates a new user on the system.

Options

  • --name is a required parameter and is the username.
  • --uid is the user’s User ID (UID).
  • --gid is the user’s Group ID (GID).
  • --groups is a comma-separated list of group names the user should belong to.
  • --homedir is the home directory for the user.
  • --lock will, if used, lock a new user’s account by default.
  • --password is the password for the new user.
  • --iscrypted, if used, means that the password argument is the encrypted password. You can get this from the /etc/shadow file on a running system.
  • --plaintext, if used, means that the password argument is the plain text password.
  • --shell is the path to the user’s default shell.

Table 2.1 – Kickstart options
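
Several options in the table weaken the installed system or leave secrets in the kickstart file: --noverifyssl, credentials inside a url/repo/proxy URL, firewall --disabled, selinux --permissive or --disabled, and user passwords given in plain text. The following audit script is an added example, not code from the book; the sample kickstart, host names and credentials are constructed, and treating a --password without --iscrypted as plain text is an assumption of the example.

```python
import re
import shlex
# Constructed sample kickstart; hosts, users and secrets are made up.
SAMPLE_KS = """\
url --url=https://repo.example.com/OL8/baseos --noverifyssl
repo --name=addons --baseurl=http://user:s3cret@repo.example.com/addons
firewall --disabled
selinux --permissive
user --name=deploy --groups=wheel --password=Welcome1 --plaintext
user --name=ops --password=$6$constructedsalt$constructedhash --iscrypted
"""

# user:password@ in front of the host, with or without a protocol prefix
CRED_URL = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?[^/@\s:]+:[^/@\s]+@", re.I)

def parse_opts(tokens):
    """Map '--opt=value' and '--flag' tokens to a dict (flags map to True)."""
    opts = {}
    for tok in tokens:
        if tok.startswith("--"):
            key, sep, val = tok[2:].partition("=")
            opts[key] = val if sep else True
    return opts

def audit(ks_text):
    """Return (line_no, command, finding) for each risky setting found."""
    findings, in_section = [], False
    for no, line in enumerate(ks_text.splitlines(), 1):
        if line.lstrip().startswith("%"):      # skip %packages/%post bodies
            in_section = line.strip() != "%end"
            continue
        tokens = [] if in_section else shlex.split(line, comments=True)
        if not tokens:
            continue
        cmd, opts = tokens[0], parse_opts(tokens[1:])
        if cmd in ("url", "repo"):
            if "noverifyssl" in opts:
                findings.append((no, cmd, "TLS verification disabled"))
            for key in ("url", "baseurl", "mirrorlist", "metalink", "proxy"):
                if CRED_URL.match(str(opts.get(key, ""))):
                    findings.append((no, cmd, f"credentials in --{key}"))
        elif cmd == "firewall" and opts.keys() & {"disabled", "disable"}:
            findings.append((no, cmd, "firewall disabled"))
        elif cmd == "selinux" and opts.keys() & {"disabled", "permissive"}:
            findings.append((no, cmd, "SELinux not enforcing"))
        # Assumption: a --password without --iscrypted is stored as plain text.
        elif cmd == "user" and "password" in opts and "iscrypted" not in opts:
            findings.append((no, cmd, "plain-text password in file"))
    return findings
```

Calling audit(SAMPLE_KS) reports lines 1 to 5 and passes the --iscrypted user on line 6; running it over kickstart files before they are published on a PXE or HTTP server catches these settings before they reach a build.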