From 27a5942edceae344b87c6b0e4f7daa9e0b4965b9 Mon Sep 17 00:00:00 2001 
From: Antoine Le Morvan Date: Tue, 4 Jan 2022 17:00:23 +0100 Subject: [PATCH] fix: fix admonitions part 4 - add an extra line after code !!! --- docs/books/admin_guide/03-commands.md | 27 +++--- .../books/admin_guide/04-advanced-commands.md | 12 ++- docs/books/admin_guide/05-vi.md | 18 ++-- docs/books/admin_guide/06-users.md | 69 +++++++++----- docs/books/admin_guide/07-file-systems.md | 93 ++++++++++++------- docs/books/admin_guide/08-process.md | 29 +++--- docs/books/admin_guide/09-backups.md | 81 ++++++++++------ docs/books/admin_guide/10-boot.md | 9 +- docs/books/admin_guide/11-tasks.md | 21 +++-- docs/books/admin_guide/12-network.md | 39 +++++--- docs/books/admin_guide/13-softwares.md | 9 +- docs/books/learning_ansible/01-basic.md | 51 ++++++---- docs/books/learning_ansible/02-advanced.md | 30 ++++-- .../learning_ansible/03-working-with-files.md | 15 ++- .../learning_ansible/04-ansible-galaxy.md | 6 +- docs/books/learning_ansible/05-deployments.md | 12 ++- .../06-large-scale-infrastructure.md | 12 ++- .../07-working-with-filters.md | 6 +- .../books/learning_rsync/01_rsync_overview.md | 3 +- docs/books/learning_rsync/02_rsync_demo01.md | 6 +- docs/books/learning_rsync/03_rsync_demo02.md | 3 +- .../05_rsync_authentication-free_login.md | 6 +- docs/books/learning_rsync/06_rsync_inotify.md | 9 +- .../learning_rsync/07_rsync_unison_use.md | 12 ++- docs/guides/automation/cron_jobs_howto.md | 12 ++- docs/guides/automation/cronie.md | 6 +- .../templates-automation-packer-vsphere.md | 18 ++-- docs/guides/containers/lxd_server.md | 3 +- docs/guides/contribute/navigation.md | 3 +- docs/guides/desktop/mate_installation.md | 6 +- docs/guides/desktop/xfce_installation.md | 3 +- docs/guides/git/git_wf_git-cola_atom.md | 6 +- docs/guides/installation.md | 30 ++++-- docs/guides/proxies/haproxy_apache_lxd.md | 3 +- docs/guides/rocky_linux_installation_8.4.md | 30 ++++-- .../active_directory_authentication.md | 3 +- docs/guides/security/learning_selinux.md | 18 ++-- 
docs/guides/virtualization/vbox-rocky.md | 9 +- docs/index.en.md | 3 +- docs/labs/security/lab9-cryptography.md | 27 +++--- docs/release_notes/8_4.md | 6 +- 41 files changed, 499 insertions(+), 265 deletions(-) diff --git a/docs/books/admin_guide/03-commands.md b/docs/books/admin_guide/03-commands.md index c6f1175107..1385643963 100644 --- a/docs/books/admin_guide/03-commands.md +++ b/docs/books/admin_guide/03-commands.md @@ -275,7 +275,8 @@ The `clear` command clears the contents of the terminal screen. In fact, to be m In a terminal, the display will be permanently hidden, whereas in a graphical interface, a scrollbar will allow you to go back in the history of the virtual terminal. -!!! Tip +!!! Tip + CTRL + L will have the same effect as the `clear` command ### `echo` command @@ -612,7 +613,7 @@ The "rockstar" directory must exist to create the "work" directory. Otherwise, the `-p` option should be used. The `-p` option creates the parent directories if they do not exist. -!!! Danger +!!! Danger It is not recommended to use Linux command names as directory or file names. @@ -636,7 +637,7 @@ $ touch /home/rockstar/myfile Date format: `[AAAA]MMJJhhmm[ss]` -!!! Tip +!!! Tip The `touch` command is primarily used to create an empty file, but it can be useful for incremental or differential backups for example. Indeed, the only effect of executing a `touch` on a file will be to force it to be saved during the next backup. @@ -654,7 +655,7 @@ $ rmdir /home/rockstar/work | ----------------------------------------------------------------------- | ----------- | | `-p` | Removes the parent directory or directories provided if they are empty. | -!!! Tip +!!! Tip To delete both a non-empty directory and its contents, use the `rm` command. @@ -666,7 +667,7 @@ The `rm` command deletes a file or directory. rm [-f] [-r] file [file] [...] ``` -!!! Danger +!!! Danger Any deletion of a file or directory is final. 
@@ -676,7 +677,7 @@ rm [-f] [-r] file [file] [...] | `-i` | Requires confirmation of deletion. | | `-r` | Recursively deletes subdirectories. | -!!! Note +!!! Note The `rm` command itself does not ask for confirmation when deleting files. However, with a RedHat/Rocky distribution, `rm` does ask for confirmation of deletion because the `rm` command is an `alias` of the `rm -i` command. Don't be surprised if on another distribution, like Debian for example, you don't get a confirmation request. @@ -1130,7 +1131,7 @@ $ find /tmp -name *.txt -exec rm -f {} \; The previous command searches for all files in the `/tmp` directory named `*.txt` and deletes them. -!!! Tip "Understand the `-exec` option" +!!! Tip "Understand the `-exec` option" In the example above, the `find` command will construct a string representing the command to be executed. @@ -1144,7 +1145,7 @@ The previous command searches for all files in the `/tmp` directory named `*.txt The `;` character is a special shell character that must be protected by a `\` to prevent it from being interpreted too early by the `find` command (and not in the `-exec`). -!!! Tip +!!! Tip `$ find /tmp -name *.txt -delete` does the same thing. @@ -1198,7 +1199,7 @@ The `grep` command returns the complete line containing the string you are looki $ grep -w "^root" /etc/passwd ``` -!!! Note +!!! Note This command is very powerful and it is highly recommended to consult its manual. It has many derivatives. @@ -1244,11 +1245,11 @@ $ find /home -name "test[123]*" /home/rockstar/test362 ``` -!!! Note +!!! Note Always surround words containing meta-characters with `"` to prevent them from being replaced by the names of files that meet the criteria. -!!! Warning +!!! Warning Do not confuse shell meta-characters with regular expression meta-characters. The `grep` command uses regular expression meta-characters. 
@@ -1279,7 +1280,7 @@ It is possible to redirect the input stream from another file with the character $ ftp -in serverftp << ftp-commands.txt ``` -!!! Note +!!! Note Only commands that require keyboard input will be able to handle input redirection. @@ -1307,7 +1308,7 @@ STOP The shell exits the `ftp` command when it receives a line containing only the keyword. -!!! Warning +!!! Warning The ending keyword, here `END` or `STOP`, must be the only word on the line and must be at the beginning of the line. diff --git a/docs/books/admin_guide/04-advanced-commands.md b/docs/books/admin_guide/04-advanced-commands.md index 012a50e21e..3b56ae43dd 100644 --- a/docs/books/admin_guide/04-advanced-commands.md +++ b/docs/books/admin_guide/04-advanced-commands.md @@ -39,7 +39,8 @@ antoine steven ``` -!!! Note +!!! Note + `uniq` requires the input file to be sorted because it only compares consecutive lines. Without an argument, the `uniq` command will not display identical lines that follow each other in the `firstnames.txt` file: @@ -215,7 +216,8 @@ The `-I` option allows you to specify a character (in our example the `%` charac The `yum-utils` package is a collection of utilities from different authors for `yum`, which make it easier and more powerful to use. -!!! Note +!!! Note + While `yum` has been replaced by `dnf` in Rocky Linux 8, the package name has remained `yum-utils` although it can be installed as `dnf-utils` as well. These are classic YUM utilities implemented as CLI shims on top of DNF to maintain backwards compatibility with `yum-3`. Here are some examples of usage: @@ -266,7 +268,8 @@ $ repoquery -l yum-utils The `yumdownloader` command downloads RPM packages from the repositories. -!!! Note +!!! Note + This command is very useful to quickly build a local repository of a few rpm! Example: `yumdownloader` will download the _repoquery_ rpm package and all its dependencies: 
@@ -326,7 +329,8 @@ The `watch` command regularly executes a command and displays the result in the The `-n` option allows you to specify the number of seconds between each execution of the command. -!!! Note +!!! Note + To exit the `watch` command, you must type the keys: CTRL+C to kill the process. Examples: diff --git a/docs/books/admin_guide/05-vi.md b/docs/books/admin_guide/05-vi.md index 8cc141f259..226eb4ea6d 100644 --- a/docs/books/admin_guide/05-vi.md +++ b/docs/books/admin_guide/05-vi.md @@ -66,12 +66,14 @@ Among these improvements, the user has syntax highlighting, which is very useful During a session, VI uses a buffer file in which it records all the changes made by the user. -!!! Note +!!! Note + As long as the user has not saved his work, the original file is not modified. At startup, VI is in *commands* mode. -!!! Tip +!!! Tip + A line of text is ended by pressing ENTER but if the screen is not wide enough, VI makes automatic line breaks, _wrap_ configuration by default. These line breaks may not be desired, this is the _nowrap_ configuration. To exit VI, from the Commands mode, tap : then type: @@ -82,7 +84,8 @@ To exit VI, from the Commands mode, tap : then type: To force the exit without confirmation, you must add *!* to the previous commands. -!!! Warning +!!! Warning + There is no periodic backup, so you must remember to save your work regularly. ## Operating mode @@ -197,7 +200,8 @@ In *command* mode, there are several ways to insert text. VI switches to *insert* mode after entering one of these keys. -!!! Note +!!! Note + VI switches to *insertion* mode. So you will have to press the ESC key to return to *command* mode. ### In relation to a character @@ -262,7 +266,8 @@ These operations are done in *command* mode. RcharactersESC -!!! Note +!!! Note + The R command switches to *replace* mode, which is a kind of *insert* mode. ### Words 
@@ -287,7 +292,8 @@ These operations are done in *command* mode. cw_word_ESC -!!! Tip +!!! Tip + It is necessary to position the cursor under the first character of the word to cut (or copy) otherwise VI will cut (or copy) only the part of the word between the cursor and the end. To delete a word is to cut it. If it is not pasted afterwards, the buffer is emptied and the word is deleted. diff --git a/docs/books/admin_guide/06-users.md b/docs/books/admin_guide/06-users.md index f194854c81..af4f3d86a2 100644 --- a/docs/books/admin_guide/06-users.md +++ b/docs/books/admin_guide/06-users.md @@ -32,7 +32,8 @@ Several users can be part of the same group. Users can belong to other groups. These users are *invited* to these **secondary groups**. -!!! Note +!!! Note + Each user has a primary group and can be invited into one or more secondary groups. Groups and users are managed by their unique numerical identifiers `GID` and `UID`. @@ -41,7 +42,8 @@ Account and group declaration files are located in `/etc`. * `UID`: _User IDentifier_. Unique user ID. * `GID`: _Group IDentifier_. Unique group identifier. -!!! Danger +!!! Danger + You should always use the administration commands instead of manually editing the files. ## Group management @@ -75,7 +77,8 @@ Group naming rules: * No accents or special characters; * Different from the name of an existing user or system files. -!!! Note +!!! Note + Under **Debian**, the administrator should use, except in scripts intended to be portable to all Linux distributions, the `addgroup` and `delgroup` commands as specified in the `man`: ``` 
@@ -129,15 +132,18 @@ Example: $ sudo groupdel GroupC ``` -!!! Tip +!!! Tip + To be deleted, a group must no longer contain users. Deleting the last user of an eponymous group will cause the system to delete the group. -!!! Tip +!!! Tip + Each group has a unique `GID`. A group can be duplicated. By convention, the `GID` of system groups range from 0 (`root`) to 999. -!!! Tip +!!! Tip + Since a user is necessarily part of a group, it is best to create the groups before adding the users. Therefore, a group may not have any members. ### `/etc/group` file @@ -155,7 +161,8 @@ GroupP:x:516:patrick * 3: GID. * 4: Guest members (separated by commas, does not contain core members). -!!! Note +!!! Note + Each line in the `/etc/group` file corresponds to a group. Users whose group is their main group are not listed at this level. This membership information is in fact already provided by the `/etc/passwd` file... ### `/etc/gshadow` file @@ -173,7 +180,8 @@ GroupA:$6$2,9,v...SBn160:alain:rockstar * 3: Administrator of the group. * 4: Guest members (separated by commas, does not contain core members). -!!! Warning +!!! Warning + For each line in the `/etc/group` file there must be a corresponding line in the `/etc/gshadow` file. A `!` in the password indicates that it is locked. @@ -238,7 +246,8 @@ Account naming rules: * Different from the name of an existing group or system file; * Set the options `-u`, `-g`, `-d` and `-s` at creation. -!!! Warning +!!! Warning + The home directory tree must be created except for the last directory. The last directory is created by the `useradd` command, which takes the opportunity to copy the files from `/etc/skel` into it. 
@@ -253,7 +262,8 @@ Example: $ sudo useradd -u 1000 -g GroupA -G GroupP,GroupC albert ``` -!!! Note +!!! Note + Under **Debian**, you will have to specify the `-m` option to force the creation of the login directory or set the `CREATE_HOME` variable in the `/etc/login.defs` file. In all cases, the administrator should use the `adduser` and `deluser` commands as specified in the `man`, except in scripts intended to be portable to all Linux distributions: ``` @@ -314,7 +324,8 @@ Options identical to the `useradd` command. With the `usermod` command, locking an account results in the addition of `!` before the password in the `/etc/shadow` file. -!!! Tip +!!! Tip + To be modified, a user must be disconnected and have no running processes. After changing the identifier, the files belonging to the user have an unknown `UID`. It must be reassigned the new `UID`. @@ -377,7 +388,8 @@ $ sudo userdel -r carine | -------| --------------------------------------------------------- | | `-r` | Deletes the connection directory and the contained files. | -!!! Tip +!!! Tip + To be deleted, a user must be logged out and have no running processes. `userdel` removes the user's line from the `/etc/passwd` and `/etc/gshadow` files. @@ -419,12 +431,14 @@ root:$6$...:15399:0:99999:7::: * 8: Account expiration time. * 9: Reserved for future use. -!!! Danger +!!! Danger + For each line in the `/etc/passwd` file there must be a corresponding line in the `/etc/shadow` file. ## File owners -!!! Danger +!!! Danger + All files necessarily belong to one user and one group. The main group of the user creating the file is, by default, the group that owns the file. @@ -491,7 +505,8 @@ $ sudo chgrp group1 file | `-R` | Modifies the owner groups of the directory and its contents (recursion). | | `-v` | Displays the executed changes. | -!!! Note +!!! Note + It is possible to apply to a file an owner and an owner group by taking as reference those of another file: ``` 
@@ -558,7 +573,8 @@ Example: [alain]$ newgrp GroupB ``` -!!! Note +!!! Note + After using this command, the files will be created with the `GID` of its subgroup. The command `newgrp` without parameters reassigns the main group. @@ -607,7 +623,8 @@ Example: $ sudo passwd alain ``` -!!! Note +!!! Note + The `passwd` command is available to users to change their password (the old password is requested). The administrator can change the passwords of all users without restriction. They will have to comply with the security restrictions. @@ -620,7 +637,8 @@ Example: ``` $ sudo echo "azerty,1" | passwd --stdin philippe ``` -!!! Warning +!!! Warning + The password is entered in clear text, `passwd` takes care of encrypting it. ### `chage` command @@ -654,7 +672,8 @@ $ sudo chage philippe $ sudo chage -d 0 philippe ``` -!!! Note +!!! Note + If no user is specified, the order will concern the user who enters it. ![User account management with chage](images/chage-timeline.png) @@ -666,7 +685,8 @@ Configuration files: * `/etc/login.defs` * `/etc/skel` -!!! Note +!!! Note + Editing the `/etc/default/useradd` file is done with the `useradd` command. The other files are to be modified with a text editor. @@ -675,7 +695,8 @@ Configuration files: This file contains the default data settings. -!!! Tip +!!! Tip + When creating a user, if the options are not specified, the system uses the default values defined in `/etc/default/useradd`. This file is modified by the command `useradd -D` (`useradd -D` entered without any other option displays the contents of the `/etc/default/useradd` file). 
@@ -690,7 +711,8 @@ This file is modified by the command `useradd -D` (`useradd -D` entered without | `SKEL` | Skeleton directory of the login directory. | | `CREATE_MAIL_SPOOL` | Mailbox creation in `/var/spool/mail`. | -!!! Warning +!!! Warning + Without the `-g` option, the `useradd` command creates a group of the user's name name and places it there. In order for the `useradd` command to retrieve the value of the `GROUP` field from the `/etc/default/useradd` file, you must specify the `-N` option. @@ -749,7 +771,8 @@ If the login is not specified, it will be `root`. Standard users will have to type the password for the new identity. -!!! Tip +!!! Tip + There are successive 'layers' created (a stack of `bash` environments). To switch from one user to another, you must first type the `exit` command to take back your identity and then the `su` command to take another identity. #### Profile loading diff --git a/docs/books/admin_guide/07-file-systems.md b/docs/books/admin_guide/07-file-systems.md index 31381cebce..84b46198b3 100644 --- a/docs/books/admin_guide/07-file-systems.md +++ b/docs/books/admin_guide/07-file-systems.md @@ -39,7 +39,8 @@ The same physical disk can be divided into a maximum of 4 partitions: * *Primary* (or main) * *Extended* -!!! Warning +!!! Warning + There can be only one extended partition per physical disk. In order to benefit from additional drives, the extended partition can be split into logical partitions ![Breakdown into only 4 primary partitions](images/07-file-systems-001.png) @@ -54,7 +55,8 @@ Storage devices are named *hd* for IDE hard drives and *sd* for other media. The Finally we will find a number that defines the partitioned volume: *1* for the first primary partition, ... -!!! Warning +!!! Warning + Beware, the extended partition, which does not support a file system, still has a number. ![Identification of partitions](images/07-file-systems-003.png) 
@@ -142,7 +144,8 @@ The disadvantage is that if one of the physical volumes becomes out of order, th LVM is available under Linux from kernel version 2.4. -!!! Note +!!! Note + LVM is only managed by the operating system. Therefore the _BIOS_ needs at least one partition without LVM to boot. ### Volume groups @@ -168,7 +171,8 @@ A volume group, *VG*, is divided into logical volumes, *LV*, offering different ![Volumes in stripe mode](images/07-file-systems-006.png) -!!! Tip +!!! Tip + Striping_ improves performance by writing data to a predetermined number of physical volumes with a _round-robin_ technique. ![Mirrored volumes](images/07-file-systems-007.png) @@ -323,12 +327,14 @@ Example: |--------|-------------------------------------------| | `-t` | Indicates the type of file system to use. | -!!! Warning +!!! Warning + Without a file system it is not possible to use the disk space. Each file system has a structure which is identical on each partition. A **boot block** and a **super block** initialized by the system and then an **inode table** and a **data area** initialized by the administrator. -!!! Note +!!! Note + The only exception is the **swap** partition. ### Boot block @@ -359,7 +365,8 @@ When the system stops, it also copies this table in memory to its block. The size of the **inode table** is defined at its creation and is stored on the partition. It consists of records, called inodes, corresponding to the files created. Each record contains the addresses of the data blocks making up the file. -!!! Note +!!! Note + An inode number is unique within a file system. A copy is loaded in the central memory as soon as the system is initialized. This copy is updated as soon as it is modified and the system saves it periodically (command `sync`). 
@@ -368,7 +375,8 @@ When the system stops, it also copies this table in memory to its block. A file is managed by its inode number. -!!! Note +!!! Note + The size of the inode table determines the maximum number of files the FS can contain. Information present in the *inode table* : @@ -392,7 +400,8 @@ Its size corresponds to the rest of the available space of the partition. This a These tables are written to the hard disk when the system is shut down. -!!! Danger +!!! Danger + In the event of a sudden stop, the file system may lose its consistency and cause data loss. ### Repairing the file system @@ -424,7 +433,8 @@ or [root]# shutdown –r -F now ``` -!!! Warning +!!! Warning + The partition to be checked must be unmounted. ## Organization of a file system @@ -433,7 +443,8 @@ By definition, a File System is a tree structure of directories built from a roo ![Organization of a file system](images/07-file-systems-008.png) -!!! Note +!!! Note + In Linux everything is a file. Text document, directory, binary, partition, network resource, screen, keyboard, Unix kernel, user program, ... @@ -469,7 +480,8 @@ Linux meets the **FHS** (_Filesystems Hierarchy Standard_) (see `man hier`) whic The `/etc/fstab` file is read at system startup and contains the mounts to be performed. Each file system to be mounted is described on a single line, the fields being separated by spaces or tabs. -!!! Note +!!! Note + Lines are read sequentially (`fsck`, `mount`, `umount`). ``` @@ -495,7 +507,8 @@ proc /proc proc defaults 0 0 The `mount -a` command allows new mounts to be taken into account without rebooting. They are then written to the `/etc/mtab` file which contains the current mounts. -!!! Warning +!!! Warning + Only the mount points listed in `/etc/fstab` will be mounted on reboot. It is possible to make a copy of the `/etc/mtab` file or to copy its contents to `/etc/fstab`. 
@@ -525,7 +538,8 @@ Example: | `-w` | Mounts the file system read/write, by default (equivalent `-o rw`). | | `-o` | Argument followed by a comma-separated list of options (`remount`, `ro`, ...). | -!!! Note +!!! Note + The `mount` command alone displays all mounted file systems. #### `umount` command @@ -550,7 +564,8 @@ Example: | `-f` | Force unmount. | | `-a` | Unmount all filesystems mentioned in `/etc/fstab`. | -!!! Note +!!! Note + When disassembling, you must not stay below the mounting point. Otherwise, the following error message is displayed: `device is busy`. ## Types of files @@ -568,13 +583,16 @@ Groups of words separated by spaces must be enclosed in quotation marks: [root]# mkdir "working dir" ``` -!!! Note +!!! Note + While there is nothing technically wrong with creating a file or directory with a space in it, it is generally a "best practice" to avoid this and replace any space with an underscore. -!!! Note +!!! Note + The **.** at the beginning of the file name only serves to hide it from a simple `ls`. -!!! Warning +!!! Warning + Under Linux, the extension of a file is not a necessary reference to open or modify it. However, it can be useful for the user. Examples of extension agreements: @@ -702,7 +720,8 @@ There are two types of link files: The link file and the source file have the same _inode_ number and the link counter is incremented. It is not possible to link different directories or files from different file systems. -!!! Warning +!!! Warning + If the source file is destroyed, the counter is decremented and the link file still accesses the file. ###### Command `ln` for a physical link 
@@ -732,7 +751,8 @@ Unlike the physical link, the symbolic link involves the creation of a new _inod The file created contains only an indication of the path to the file. This notion no longer has the limitations of physical links and it is now possible to link directories and files belonging to different file systems. -!!! Warning +!!! Warning + If the source file is destroyed, the link file can no longer access the file. ###### `ln` command for a symbolic link @@ -774,7 +794,8 @@ There are 4 file access rights: * e**x**ecution; * **-** no right. -!!! Warning +!!! Warning + The rights associated with files differ from those associated with directories (see below). The user types associated with file access rights are: @@ -794,7 +815,8 @@ In some commands it is possible to designate everyone with **a** (_all_). * e**x**ecute: Considers the file as an e**X**ecutable (binary or script). * **-**: No permissions. -!!! Note +!!! Note + Moving or renaming a file depends on the rights of the target directory. Deleting a file depends on the rights of the parent directory. ### Rights associated with directories @@ -822,7 +844,8 @@ The display of rights is done with the command `ls -l`. It is the last 9 charact | 4 | File owner | | 5 | Group owner of the file | -!!! Note +!!! Note + Permissions apply to **u**ser, **g**roup and **o**ther (**ugo**) depending on the owner and group. By default, the _owner_ of a file is the one who creates it. The _group_ of the file is the group of the owner who created the file. The _others_ are those which are not concerned by the previous cases. 
@@ -875,7 +898,8 @@ There are two methods for making rights changes: * The **octal** method; * The **symbolic** method. -!!! Warning +!!! Warning + The rights of files and directories are not dissociated. For some operations, it will be necessary to know the rights of the directory containing the file. A write-protected file can be deleted by another user as long as the rights of the directory containing it allow this user to perform this operation. #### Principle of the octal method @@ -936,7 +960,8 @@ As with the fundamental rights, the particular rights each have a value. This va ![Special rights](images/07-file-systems-015.png) -!!! Danger +!!! Danger + `S`, `S` and `T` in capital letters **if the right does not exist**. #### The sticky-bit @@ -969,7 +994,8 @@ These rights allow execution of a command according to the rights set on the com The command is executed with the identity of the owner (_SUID_) or the group (_SGID_) of the command. -!!! Note +!!! Note + The identity of the user requesting the execution of the order is no longer taken into account. This is an additional possibility of access rights assigned to a user when it is necessary for them to have the same rights as the owner of a file or those of the group concerned. @@ -1007,7 +1033,8 @@ Verification: -rwxrwsrwx … command2 ``` -!!! Warning +!!! Warning + It is not possible to pass the _SUID_ or _SGID_ to a shell script. The system does not allow it because it is too dangerous for security! @@ -1082,10 +1109,12 @@ $ ls -la umask_025 |--------|----------------------------------| | `-S` | Symbolic display of file rights. | -!!! Warning +!!! Warning + `umask` does not affect existing files. -!!! Note +!!! Note + `umask` modifies the mask until the disconnection. To keep the value, you have to modify the following profile files: 
@@ -1098,8 +1127,10 @@ For a particular user: * `~/.bashrc` -!!! Warning +!!! Warning + `umask -S` displays the file rights (without the execute right) of the files that will be created. So it is not the display of the mask used to subtract the maximum value. -!!! Tip +!!! Tip + The `umask` command being a _bash_ command, (a `type umask` returns `umask is a shell primitive`) you have to search `umask` in `man bash`. diff --git a/docs/books/admin_guide/08-process.md b/docs/books/admin_guide/08-process.md index d1016c041c..59b0213685 100644 --- a/docs/books/admin_guide/08-process.md +++ b/docs/books/admin_guide/08-process.md @@ -45,7 +45,8 @@ The _PID_ number represents the process at the time of execution. When the proce -!!! Note +!!! Note + Processes are not to be confused with _threads_. Each process has its own memory context (resources and address space), while _threads_ from the same process share this same context. ## Viewing processes @@ -208,11 +209,13 @@ $ kill -9 1664 Signals are the means of communication between processes. The `kill` command sends a signal to a process. -!!! Tip +!!! Tip + The complete list of signals taken into account by the `kill` command is available by typing the command : -``` -$ man 7 signal -``` + + ``` + $ man 7 signal + ``` ### `nohup` command @@ -229,7 +232,8 @@ $ nohup myprogram.sh 0 /backups/etc.cpio $ find /etc | cpio -o > /backups/etc.A.cpio ``` -!!! Warning +!!! Warning + If the path specified in the `find` command is **absolute** then the backup will be performed in **absolute**. If the path indicated in the `find` command is **relative** then the backup will be done in **relative**. @@ -686,7 +710,8 @@ $ cpio -iv ctrl + d to exit this editing mode. Only `root` can use the `-u user` option to manage another user's schedule file. 
@@ -165,7 +170,8 @@ On the other hand, the following points must be taken into account: * Provide redirections (stdin, stdout, stderr); * It is not relevant to run commands that use input/output requests on a terminal. -!!! Note +!!! Note + It is important to understand that the purpose of scheduling is to perform tasks automatically, without the need for external intervention. ## The `crontab` file @@ -193,7 +199,8 @@ The `crontab` file is structured according to the following rules. | 5 | Day(s) of the week | From 0 to 7 (0=7=sunday) | | 6 | Task to execute | Full command or script | -!!! Warning +!!! Warning + The tasks to be executed must use absolute paths and if possible use redirects. In order to simplify the notation for the definition of time, it is advisable to use special symbols. diff --git a/docs/books/admin_guide/12-network.md b/docs/books/admin_guide/12-network.md index 6c8b9eab13..eb5c315ac2 100644 --- a/docs/books/admin_guide/12-network.md +++ b/docs/books/admin_guide/12-network.md @@ -72,7 +72,8 @@ There are also specific addresses within a network, which must be identified. Th A **MAC address** is a physical identifier written in the factory onto the device. This is sometimes referred to as the hardware address. It consists of 6 bytes often given in hexadecimal form (for example 5E:FF:56:A2:AF:15). It is composed of : 3 bytes of the manufacturer identifier and 3 bytes of the serial number. -!!! Warning +!!! Warning + This last statement is nowadays a little less true with virtualization. There are also software solutions for changing the MAC address. An Internet Protocol (**IP**) address is an identification number permanently or temporarily assigned to each device connected to a computer network using the Internet Protocol. 
@@ -100,7 +101,8 @@ In order for a computer to be part of a DNS domain, it must be given a DNS suffi ### Reminder of the OSI model -!!! Note "Memory aid" +!!! Note "Memory aid" + To remember the order of the layers of the OSI model, remember the following sentence: __Please Do Not Touch Steven's Pet Alligator__. | Layer | Protocoles | @@ -152,7 +154,8 @@ On Rocky8 Linux distributions, systemd will name interfaces with the new followi Forget the old `ifconfig` command! Think `ip`! -!!! Note +!!! Note + Comment for administrators of older Linux systems: The historical network management command is `ifconfig`. This command has been replaced by the `ip` command, which is already well known to network administrators. @@ -176,7 +179,8 @@ hostname [-f] [hostname] | `-f` | Display the FQDN | | `-i` | Display the system IPs address | -!!! Tip +!!! Tip + This command is used by various network programs to identify the machine. To assign a host name, it is possible to use the `hostname` command, but the changes will not be retained at the next boot. The command with no arguments displays the host name. @@ -196,7 +200,8 @@ It then uses the `/etc/hosts` file to evaluate the main IP address of the server It is therefore essential to fill in these two files before any configuration of network services. -!!! Tip +!!! Tip + To know if this configuration is well done, the commands `hostname` and `hostname -f` must answer with the expected values. ## /etc/hosts file @@ -217,7 +222,8 @@ Example of `/etc/hosts` file: The `/etc/hosts` file is still used by the system, especially at boot time when the system FQDN is determined. -!!! Tip +!!! Tip + RedHat recommends that at least one line containing the system name be filled in. If the **DNS** service (**D**domain **N**ame **S**ervice) is not in place, you must fill in all the names in the hosts file for each of your machines. 
@@ -255,7 +261,8 @@ search mondomaine.lan nameserver 192.168.1.254 ``` -!!! Tip +!!! Tip + This file is historical. It is no longer filled in directly! Newer generations of distributions have generally integrated the `NetworkManager` service. This service allows you to manage the configuration more efficiently, either in graphical or console mode. @@ -331,7 +338,8 @@ BOOTPROTO=dhcp HWADDR=00:0c:29:96:32:e3 ``` -!!! Tip +!!! Tip + If NetworkManager is installed, the changes are taken into account automatically. If not, you have to restart the network service. * Restart the network service: @@ -376,7 +384,8 @@ NETMASK=255.255.255.0 PREFIX=24 ``` -!!! Warning +!!! Warning + You must use NETMASK OR PREFIX - Not both! ## Routing @@ -474,7 +483,8 @@ Example: [root]# ping –c 4 localhost ``` -!!! Tip +!!! Tip + Validate connectivity from near to far 1) Validate the TCP/IP software layer @@ -576,7 +586,8 @@ Example: BROADCAST=172.16.79.255 ``` -!!! Tip +!!! Tip + This command is interesting followed by a redirection to automatically fill in the configuration files of your interfaces: ``` @@ -622,7 +633,8 @@ When implementing network services, it is very common to check with one of these ### `netstat` command -!!! Warning +!!! Warning + The `netstat` command is now deprecated and is no-longer installed by default on Rocky Linux. You may still find some Linux versions that have it installed, but it is best to move on to using `ss` for everything that you would have used `netstat` for. The `netstat` command (**network statistics**) displays the listening ports on the network. @@ -666,7 +678,8 @@ $ arp-scan -I eth0 -l 172.16.1.232 88:51:fb:5e:fa:b3 (Unknown) (DUP: 2) ``` -!!! Tip +!!! Tip + As the above example shows, it is also possible to have MAC address conflicts! These problems are brought about by virtualization technologies and the copying of virtual machines. ## Hot configuration 
diff --git a/docs/books/admin_guide/13-softwares.md b/docs/books/admin_guide/13-softwares.md index 3fc89d0eeb..ee65805e0e 100644 --- a/docs/books/admin_guide/13-softwares.md +++ b/docs/books/admin_guide/13-softwares.md @@ -11,7 +11,8 @@ On a Linux system, it is possible to install software in two ways: * Using an installation package; * Compiling from source files. -!!! Note +!!! Note + Installing from source is not covered here. As a rule, you should use the package method unless the software you want is not available via the package manager. The reason for this is that dependencies are generally managed by the package system, whereas with source, you need to manage the dependencies manually. **The package**: This is a single file containing all the data needed to install the program. It can be executed directly on the system from a software repository. @@ -82,10 +83,12 @@ Example: | `-f` | Shows the name of the package containing the specified file. | | `--last` | The list of packages is given by installation date (the last installed packages appear first). | -!!! Warning +!!! Warning + After the `-q` option, the package name must be exact. Metacharacters (wildcards) are not supported. -!!! Tip +!!! Tip + However, it is possible to list all installed packages and filter with the `grep` command. Example: list the last installed packages: diff --git a/docs/books/learning_ansible/01-basic.md b/docs/books/learning_ansible/01-basic.md index a9d5661b77..67a1cd942c 100644 --- a/docs/books/learning_ansible/01-basic.md +++ b/docs/books/learning_ansible/01-basic.md 
@@ -33,7 +33,8 @@ Ansible centralizes and automates administration tasks. It is: It uses the **SSH** protocol to remotely configure Linux clients or the **WinRM** protocol to work with Windows clients. If none of these protocols is available, it is always possible for Ansible to use an API, which makes Ansible a real Swiss army knife for the configuration of servers, workstations, docker services, network equipment, etc. (Almost everything in fact). -!!! Warning +!!! Warning + The opening of SSH or WinRM flows to all clients from the Ansible server, makes it a critical element of the architecture that must be carefully monitored. As Ansible is push-based, it will not keep the state of its targeted servers between each of its executions. On the contrary, it will perform new state checks each time it is executed. It is said to be stateless. @@ -46,7 +47,8 @@ It will help you with: * automation, * orchestration (when more than 1 target is in use). -!!! Note +!!! Note + Ansible was originally written by Michael DeHaan, the founder of other tools such as Cobbler. ![Michael DeHaan](images/Michael_DeHaan01.jpg) @@ -59,7 +61,8 @@ It will help you with: To offer a graphical interface to your daily use of Ansible, you can install some tools like Ansible Tower (RedHat), which is not free, its opensource counterpart Awx, or other projects like Jenkins and the excellent Rundeck can also be used. -!!! Abstract +!!! Abstract + To follow this training, you will need at least 2 servers under Rocky8: * the first one will be the **management machine**, Ansible will be installed on it. 
@@ -97,14 +100,16 @@ $ ansible --version ``` As we want to use a newer version of Ansible, we will install it from `python3-pip`: -!!! Note +!!! Note + Remove Ansible if you have installed it previously from _EPEL_. ``` $ sudo dnf install python38 python38-pip python38-wheel python3-argcomplete rust cargo curl ``` -!!! Note +!!! Note + `python3-argcomplete` is provided by _EPEL_. Please install epel-release if not done yet. This package will help you complete Ansible commands. @@ -279,7 +284,8 @@ ansible [-m module_name] [-a args] [options] Examples: -!!! Warning +!!! Warning + Since we have not yet configured authentication on our 2 test servers, not all the following examples will work. They are given as examples to facilitate understanding, and will be fully functional later in this chapter. * List the hosts belonging to the rocky8 group: @@ -318,7 +324,8 @@ ansible ansible_clients --become -m command -a 'reboot' ansible rocky8 -i ./local-inventory -m command -a 'date' ``` -!!! Note +!!! Note + As in this example, it is sometimes simpler to separate the declaration of managed devices into several files (by cloud project for example) and provide Ansible with the path to these files, rather than to maintain a long inventory file. | Option | Information | @@ -368,7 +375,8 @@ Our goal here is to comment out the default, and uncomment the NOPASSWD option s %wheel ALL=(ALL) NOPASSWD: ALL ``` -!!! Warning +!!! Warning + If you receive the following error message when entering Ansible commands, it probably means that you forgot this step on one of your clients: `"msg": "Missing sudo password` 
@@ -403,17 +411,20 @@ SSH password: } ``` -!!! Note +!!! Note + You are asked for the `ansible` password of the remote servers, which is a security problem... -!!! Tip +!!! Tip + If you get this error `"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"`, you can just install `sshpass` on the management station: ``` $ sudo dnf install sshpass ``` -!!! Abstract +!!! Abstract + You can now test the commands that didn't work previously in this chapter. ## Key authentication @@ -477,7 +488,8 @@ For the next test, the `shell` module, allowing remote command execution, is use No password is required, private/public key authentication works! -!!! Note +!!! Note + In production environment, you should now remove the `ansible` passwords previously set to enforce your security (as now an authentication password is not necessary). ## Using Ansible @@ -556,7 +568,8 @@ The installed software being a service, it is now necessary to start it with the } ``` -!!! Tip +!!! Tip + Try to launch those last 2 commands twice. You will observe that the first time Ansible will take actions to reach the state set by the command. The second time, it will do nothing because it will have detected that the state is already reached! ### Exercises @@ -573,7 +586,8 @@ To help discover more about Ansible and to get used to searching the Ansible doc * Update your client distribution * Restart your client -!!! Warning +!!! Warning + Do not use the shell module. Look in the documentation for the appropriate modules! #### `setup` module: introduction to facts 
@@ -615,7 +629,8 @@ Now that we have seen how to configure a remote server with Ansible on the comma Ansible's playbooks describe a policy to be applied to remote systems, to force their configuration. Playbooks are written in an easily understandable text format that groups together a set of tasks: the `yaml` format. -!!! Note +!!! Note + Learn more about [yaml here](https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html) ``` @@ -637,7 +652,8 @@ The command returns the following error codes: | `99` | Run interrupted by user | | `250` | Unexpected error | -!!! Note +!!! Note + Please note that `ansible` will return Ok when there is no host matching your target, which might mislead you! ### Example of Apache and MySQL playbook @@ -735,7 +751,8 @@ For more readability, it is recommended to write your playbooks in full yaml for ... ``` -!!! Tip +!!! Tip + `dnf` is one of the modules that allow you to give it a list as argument. Note about collections: Ansible now provides modules in the form of collections. diff --git a/docs/books/learning_ansible/02-advanced.md b/docs/books/learning_ansible/02-advanced.md index ea7c350959..f9ee689972 100644 --- a/docs/books/learning_ansible/02-advanced.md +++ b/docs/books/learning_ansible/02-advanced.md @@ -30,7 +30,8 @@ In this chapter, we can start to discover some more advanced notions of how to u ## The variables -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html). Under Ansible, there are different types of primitive variables: 
@@ -145,7 +146,8 @@ Use of a stored variable: var: homes.stdout_lines[1] ``` -!!! Note +!!! Note + The variable `homes.stdout_lines` is a list of variables of type string, a way to organize variables that we had not yet encountered. The strings that make up the stored variable can be accessed via the `stdout` value (which allows you to do things like `homes.stdout.find("core") != -1`), to exploit them using a loop (see `loop`), or simply by their indices as seen in the previous example. @@ -176,7 +178,8 @@ The default type should be "web". With the help of loop, you can iterate a task over a list, a hash, or dictionary for example. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html). Simple example of use, creation of 4 users: @@ -262,14 +265,16 @@ Let's see this through a concrete example, showing the management of the system loop: "{{ users | dict2items }}" ``` -!!! Note +!!! Note + Many things can be done with the loops. You will discover the possibilities offered by loops when your use of Ansible pushes you to use them in a more complex way. ### Exercices * Display the content of the `service` variable from the previous exercise using a loop. -!!! Note +!!! Note + You will have to transform your `service` variable, which is a dictionary, to a list with the help of the jinja filter `list` as this: ``` @@ -278,12 +283,14 @@ Let's see this through a concrete example, showing the management of the system ## Conditionals -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html). The `when` statement is very useful in many cases: not performing certain actions on certain types of servers, if a file or a user does not exist, etc. -!!! Note +!!! Note + Behind the `when` statement the variables do not need double braces (they are in fact Jinja2 expressions...). ``` 
@@ -349,7 +356,8 @@ You will probably have to test that a variable exists to avoid execution errors: ## Managing changes: the `handlers` -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_handlers.html). Handlers allow to launch operations, like restarting a service, when changes occur. @@ -416,7 +424,8 @@ tasks: ## Asynchronous tasks -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_async.html). By default, SSH connections to hosts remain open during the execution of various playbook tasks on all nodes. @@ -588,7 +597,8 @@ service: * Display the content of the `service` variable from the previous exercise using a loop. -!!! Note +!!! Note + You will have to transform your `service` variable, which is a dictionary, to an item or a list with the help of the jinja filters `dict2items` or `list` as this: ``` diff --git a/docs/books/learning_ansible/03-working-with-files.md b/docs/books/learning_ansible/03-working-with-files.md index 67ea76be20..a2bf1c590a 100644 --- a/docs/books/learning_ansible/03-working-with-files.md +++ b/docs/books/learning_ansible/03-working-with-files.md @@ -29,7 +29,8 @@ Depending on your needs, you will have to use different Ansible modules to modif When you want to modify an INI file (section between `[]` then `key=value` pairs), the easiest way is to use the `ini_file` module. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/collections/community/general/ini_file_module.html). The module requires: 
@@ -53,7 +54,8 @@ Example of use: To ensure that a line is present in a file, or when a single line in a file needs to be added or modified, use the `linefile` module. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html). In this case, the line to be modified in a file will be found using a regexp. @@ -71,7 +73,8 @@ For example, to ensure that the line starting with `SELINUX=` in the `/etc/selin When a file has to be copied from the Ansible server to one or more hosts, it is better to use the `copy` module. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html). Here we are copying `myflile.conf` from one location to another: @@ -89,7 +92,8 @@ Here we are copying `myflile.conf` from one location to another: When a file has to be copied from a remote server to the local server, it is best to use the `fetch` module. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/fetch_module.html). This module does the opposite of the `copy` module: @@ -105,7 +109,8 @@ This module does the opposite of the `copy` module: Ansible and its `template` module use the **Jinja2** template system (http://jinja.pocoo.org/docs/) to generate files on target hosts. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html). For example: diff --git a/docs/books/learning_ansible/04-ansible-galaxy.md b/docs/books/learning_ansible/04-ansible-galaxy.md index e90869eeeb..f55d54c685 100644 --- a/docs/books/learning_ansible/04-ansible-galaxy.md +++ b/docs/books/learning_ansible/04-ansible-galaxy.md 
@@ -61,7 +61,8 @@ ansible-galaxy collection [import|init|install|login|remove|...] An Ansible role is a unit that promotes the reusability of playbooks. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) ### Installing useful Roles @@ -427,7 +428,8 @@ Obviously, there is no limit to how much you can improve your role. Imagine that Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) To install or upgrade a collection: diff --git a/docs/books/learning_ansible/05-deployments.md b/docs/books/learning_ansible/05-deployments.md index de5b9f8056..ca9c23c826 100644 --- a/docs/books/learning_ansible/05-deployments.md +++ b/docs/books/learning_ansible/05-deployments.md @@ -37,7 +37,8 @@ Ansistrano requires the following to run: It can download source code from `rsync`, `git`, `scp`, `http`, `S3`, ... -!!! Note +!!! Note + For our deployment example, we will use the `git` protocol. Ansistrano deploys applications by following these 5 steps: @@ -119,7 +120,8 @@ Technical considerations: * The source code to be deployed contains a `html` folder which the vhost should point to. Its `DirectoryIndex` is `index.htm`. * The deployment is done by `git`, the package will be installed. -!!! Note +!!! Note + The target of our vhost will therefore be: `/var/www/site/current/html`. Our playbook to configure the server: `playbook-config-server.yml` @@ -190,7 +192,8 @@ Server: Apache/2.4.37 (rocky) OpenSSL/1.1.1g Content-Type: text/html; charset=iso-8859-1 ``` -!!! Note +!!! Note + We have not yet deployed any code, so it is normal for `curl` to return a `404` HTTP code. But we can already confirm that the `httpd` service is working and that the firewall is open. ### Deploying the software 
@@ -609,7 +612,8 @@ The `ansistrano_git_branch` variable is used to specify a `branch` or `tag` to d - { role: ansistrano.deploy } ``` -!!! Note +!!! Note + You can have fun, during the deployment, refreshing your browser, to see in 'live' the change. ``` diff --git a/docs/books/learning_ansible/06-large-scale-infrastructure.md b/docs/books/learning_ansible/06-large-scale-infrastructure.md index 914e64db5e..420d335c35 100644 --- a/docs/books/learning_ansible/06-large-scale-infrastructure.md +++ b/docs/books/learning_ansible/06-large-scale-infrastructure.md @@ -32,10 +32,12 @@ The organization of the configuration management system presented in this chapte However, be careful: using Ansible to ensure park compliance requires changing work habits. It is no longer possible to manually modify the configuration of a service manager without seeing these modifications overwritten the next time Ansible is run. -!!! Note +!!! Note + What we are going to set up below is not Ansible's favorite terrain. Technologies like Puppet or Salt will do much better. Let's remember that Ansible is a Swiss army knife of automation and is agentless, which explains the differences in performance. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/sample_setup.html) ## Variables storage @@ -74,7 +76,8 @@ For example, if you want to make the `PermitRootLogin` value in the `sshd_config The use of Ansible tags allows you to execute or skip a part of the tasks in your code. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html) For example, let's modify our users creation task: @@ -207,7 +210,8 @@ cms └── global_vars.yml ``` -!!! Note +!!! Note + You are free to develop your roles within a collection ## Tests 
diff --git a/docs/books/learning_ansible/07-working-with-filters.md b/docs/books/learning_ansible/07-working-with-filters.md index 741cc730ec..5d578ce97e 100644 --- a/docs/books/learning_ansible/07-working-with-filters.md +++ b/docs/books/learning_ansible/07-working-with-filters.md @@ -29,7 +29,8 @@ We have already had the opportunity, during the previous chapters, to use the ji These filters, written in python, allow us to manipulate and transform our ansible variables. -!!! Note +!!! Note + More information can be [found here](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html). Throughout this chapter, we will use the following playbook to test the different filters presented: @@ -71,7 +72,8 @@ Throughout this chapter, we will use the following playbook to test the differen var: zero ``` -!!! Note +!!! Note + The following is a non-exhaustive list of filters that you are most likely to encounter or need. Fortunately, there are many others. You could even write your own! diff --git a/docs/books/learning_rsync/01_rsync_overview.md b/docs/books/learning_rsync/01_rsync_overview.md index 67d286c05e..795649d889 100644 --- a/docs/books/learning_rsync/01_rsync_overview.md +++ b/docs/books/learning_rsync/01_rsync_overview.md @@ -44,7 +44,8 @@ The original `rsync` was maintained by the Australian programmer |pull/download|RockyLinux8; ## Demonstration based on SSH protocol -!!! tip "Attention!" +!!! tip "Attention!" + Here, both Rocky Linux 8 and Fedora 34 use the root user to log in. Fedora 34 is the client and Rocky Linux 8 is the server. ### pull/download @@ -91,7 +92,8 @@ aabbcc ``` The transfer was successful. -!!! tip "Attention" +!!! tip "Attention" + If the server's SSH port is not the default 22, you can specify the port in a similar way---`rsync -avz -e 'ssh -p [port]' `. ### push/upload diff --git a/docs/books/learning_rsync/03_rsync_demo02.md b/docs/books/learning_rsync/03_rsync_demo02.md index ec266b825b..0311c6bafa 100644 
--- a/docs/books/learning_rsync/03_rsync_demo02.md +++ b/docs/books/learning_rsync/03_rsync_demo02.md @@ -33,7 +33,8 @@ Some parameters and values ​​of this file are as follows, [ here ](04_rsync_ | auth users = li| Enable virtual users and define what a virtual user is called. Need to create it yourself| | secrets file = /etc/rsyncd_users.db | Used to specify the location of the virtual user's password file, which must end in .db. The content format of the file is "Username: Password", one per line | -!!! tip "Attention!" +!!! tip "Attention!" + The permission of the password file must be 600 Write some file content to /etc/rsyncd.conf, and write the user name and password to /etc/rsyncd_users.db, the permission is 600 diff --git a/docs/books/learning_rsync/05_rsync_authentication-free_login.md b/docs/books/learning_rsync/05_rsync_authentication-free_login.md index 4d05630326..ef78634c84 100644 --- a/docs/books/learning_rsync/05_rsync_authentication-free_login.md +++ b/docs/books/learning_rsync/05_rsync_authentication-free_login.md @@ -59,7 +59,8 @@ Last login: Tue Nov 2 21:42:44 2021 from 192.168.100.5 [testrsync@Rocky ~]$ ``` -!!! tip "Attention!" +!!! tip "Attention!" + The server configuration file **/etc/ssh/sshd_config** should be opened PubkeyAuthentication yes ## rsync protocol password-free authentication login @@ -94,5 +95,6 @@ sent 30 bytes received 193 bytes 148.67 bytes/sec total size is 883 speedup is 3.96 ``` -!!! tip "tip!" +!!! tip "tip!" + You can write this variable into **/etc/profile** to make it take effect permanently. The content is: `export RSYNC_PASSWORD=13579` diff --git a/docs/books/learning_rsync/06_rsync_inotify.md b/docs/books/learning_rsync/06_rsync_inotify.md index e2147bcc58..3f26cfafca 100644 --- a/docs/books/learning_rsync/06_rsync_inotify.md +++ b/docs/books/learning_rsync/06_rsync_inotify.md 
@@ -121,7 +121,8 @@ Back to the first terminal pts/0, the output information is as follows: ## Combination of `inotifywait` and `rsync` -!!! tip "Attention!" +!!! tip "Attention!" + We are operating in Rocky Linux 8 server, using SSH protocol for demonstration. For the password-free authentication login of the SSH protocol, please refer to [rsync password-free authentication login](05_rsync_authentication-free_login.md), which is not described here. An example of the content of a bash script is as follows. You can add different options after the command according to your needs to meet your needs. For example, you can also add `--delete` after the `rsync` command. @@ -141,11 +142,13 @@ $a | while read directory event file [root@Rocky ~]# bash /root/rsync_inotify.sh & ``` -!!! tip "emphasize again!" +!!! tip "emphasize again!" + When using the SSH protocol for data synchronization transmission, if the SSH service port of the target machine is not 22, you can use a method similar to this—— `b="/usr/bin/rsync -avz -e 'ssh -p [port-number]' /rsync/* testfedora@192.168.100.5:/home/testfedora/"` -!!! tip "Attention!" +!!! tip "Attention!" + If you want to start this script at boot `[root@Rocky ~]# echo "bash /root/rsync_inotify.sh &" >> /etc/rc.local` `[root@Rocky ~]# chmod +x /etc/rc.local` diff --git a/docs/books/learning_rsync/07_rsync_unison_use.md b/docs/books/learning_rsync/07_rsync_unison_use.md index b3b7e399f1..901ed88ae1 100644 --- a/docs/books/learning_rsync/07_rsync_unison_use.md +++ b/docs/books/learning_rsync/07_rsync_unison_use.md @@ -33,7 +33,8 @@ Last login: Wed Nov 3 22:07:18 2021 from 192.168.100.5 [testrsync@Rocky ~]$ ``` -!!! tip "Attention" +!!! tip "Attention" + The configuration files of the two machines **/etc/ssh/sshd_config** should be opened PubkeyAuthentication yes ## Rocky Linux 8 install unison 
@@ -131,13 +132,16 @@ done [root@fedora ~]# jobs -l ``` -!!! tip "Attention!" +!!! tip "Attention!" + For two-way synchronization, the scripts of both machines must be started, otherwise an error will be reported. -!!! tip "Attention!" +!!! tip "Attention!" + If you want to start this script at boot `[root@Rocky ~]# echo "bash /root/unison1.sh &" >> /etc/rc.local` `[root@Rocky ~]# chmod +x /etc/rc.local` -!!! tip "Attention!" +!!! tip "Attention!" + If you want to stop the corresponding process of this script, you can find it in the `htop` command and then **kill** diff --git a/docs/guides/automation/cron_jobs_howto.md b/docs/guides/automation/cron_jobs_howto.md index 4798833075..d41ae3e3c8 100644 --- a/docs/guides/automation/cron_jobs_howto.md +++ b/docs/guides/automation/cron_jobs_howto.md @@ -70,12 +70,14 @@ If you want to run scripts on a workstation or laptop in the `cron` "dot" direct * `/etc/cron.weekly` - Scripts placed here will run every 7 days, based on the calendar day of the last run time. (see tip) * `/etc/cron.monthly` - Scripts placed here will run monthly based on the calendar day of the last run time. (see tip) -!!! tip +!!! tip + These are likely to be run at similar (but not exactly the same) times every day, week, and month. For more exact running times, see the @options below. So provided you're alright with just letting the system auto-run your scripts, and allowing them to run sometime during the specified period, then it makes it very easy to automate tasks. -!!! note +!!! note + There is no rule that says a server administrator cannot use the randomized run times which `anacron` uses to run scripts in the "dot" directories. The use case for this would be for a script that is not time sensitive. ### Create Your Own `cron` 
@@ -116,7 +118,8 @@ Notice that this particular `crontab` file has some of its own documentation bui Let's assume that we have a backup script that we want to run at 10 PM at night. The `crontab` uses a 24 hour clock, so this would be 22:00. Let's assume that the backup script is called "backup" and that it is currently in the _/usr/local/sbin_ directory. -!!! note +!!! note + Remember that this script needs to also be executable (`chmod +x`) in order for the `cron` to run it. To add the job, we would: @@ -150,7 +153,8 @@ Another way to run jobs at a strictly scheduled time (i.e., day, week, month, ye * `@yearly` runs the script every year at midnight on the first day of January. * `@reboot` runs the script on system startup only. -!!! note +!!! note + Using these `crontab` entries bypasses the `anacron` system and reverts to the `crond.service` whether `anacron` is installed or not. For our backup script example, if we used use the @daily option to run the backup script at midnight, the entry would look like this: diff --git a/docs/guides/automation/cronie.md b/docs/guides/automation/cronie.md index b71bcd95e0..edf51e1c1f 100644 --- a/docs/guides/automation/cronie.md +++ b/docs/guides/automation/cronie.md @@ -71,7 +71,8 @@ In this example, assuming you are performing this operation as the root user, ty 00 22 * * * /usr/local/sbin/backup ``` -!!! tip "Attention" +!!! tip "Attention" + The script needs to have execute permission (`chmod +x`) before cronie can run it. #### Complex options 
@@ -94,7 +95,8 @@ So far, the content discussed are very simple options, but how to complete more |- | represents a continuous time range, such as "0 5 * * 1-6 ", which means that a command will be executed at five o'clock in the morning every day from Monday to Saturday | |*/n | Represents how often the interval is executed, such as "*/10 * * * *" means that it is executed every 10 minutes | -!!! tip "Attention" +!!! tip "Attention" + The smallest time unit that cronie can recognize is 1 minute; when using, for example, `30 4 1,15 * 5 command` , it will cause the command to run on the 1st and 15th of each month and 4:30 in the morning of every Friday ; The output information of some scripts or commands will prevent the execution of timed tasks, and output redirection is required, such as this- `*/10 * * * * /usr/local/sbin/backup &> /dev/null` ## Q & A diff --git a/docs/guides/automation/templates-automation-packer-vsphere.md b/docs/guides/automation/templates-automation-packer-vsphere.md index 576ff886b1..ce5fc0ee64 100644 --- a/docs/guides/automation/templates-automation-packer-vsphere.md +++ b/docs/guides/automation/templates-automation-packer-vsphere.md @@ -206,7 +206,8 @@ This builder lets us configure the hardware we need: ], ``` -!!! Note +!!! Note + You will never forget again to include CPU_hot_plug as it is automatic now! You can do more cool thing with the disk, cpu, etc. You should refer to the documentation if you are interested in making other adjustments. 
@@ -221,7 +222,8 @@ To start the installation, you need an ISO image of Rocky Linux. Here is an exam Then you have to provide the complete command to be entered during the installation process: configuration of the IP and transmission of the path to the Kickstart response file. -!!! Note +!!! Note + This example takes the most complex case: using a static IP. If you have a DHCP server available, the process will be much easier. This is the most amusing part of the procedure: I'm sure you'll go and admire the VMWare console during the generation, just to see the automatic entry of the commands during the boot. @@ -383,7 +385,8 @@ As we have chosen to use the minimal iso, instead of the Boot or DVD, not all re As Packer relies on VMWare Tools to detect the end of the installation, and the `open-vm-tools` package is only available in the AppStream repos, we have to specify to the installation process that we want to use as source both the cdrom and this remote repo: -!!! Note +!!! Note + If you don't have access to the external repos, you can use either a mirror of the repo, a squid proxy, or the dvd. ``` @@ -406,7 +409,8 @@ Remember we specified the user to connect via SSH with to Packer at the end of t rootpw mysecurepassword ``` -!!! Warning +!!! Warning + You can use an insecure password here, as long as you make sure that this password will be changed immediately after the deployment of your VM, for example with Ansible. Here is the selected partition scheme. Much more complex things can be done. You can define a partition scheme that suits your needs, adapting it to the disk space defined in Packer, and which respects the security rules defined for your environment (dedicated partition for `/tmp`, etc.): 
@@ -428,7 +432,8 @@ logvol swap --fstype="swap" --size=4092 --name=lv_swap --vgname=vg_root The next section concerns the packages that will be installed. A "best practice" is to limit the quantity of installed packages to only those you need, which limits the attack surface, especially in a server environment. -!!! Note +!!! Note + The author likes to limit the actions to be done in the installation process and to defer installing what is needed in the post installation script of Packer. So, in this case, we install only the minimum required packages. The `openssh-clients` package seems to be required for Packer to copy its scripts into the VM. @@ -561,7 +566,8 @@ As this is not the behavior we want, we need to specify to cloud-init not to del For this, we create a file `/etc/cloud/cloud.cfg.d/99-manual.cfg` with the `manual_cache_clean: True` directive. -!!! Note +!!! Note + This implies that if you need to re-apply a network configuration via VSphere's customization tool (which, in normal use, should be quite rare), you will have to delete the cloud-init cache yourself. The rest of the script is commented and does not require more details diff --git a/docs/guides/containers/lxd_server.md b/docs/guides/containers/lxd_server.md index 56d147fdb8..1530250406 100644 --- a/docs/guides/containers/lxd_server.md +++ b/docs/guides/containers/lxd_server.md @@ -18,7 +18,8 @@ The learning curve for LXD can be a bit steep, but this document will attempt to * For ZFS, make sure that UEFI secure boot is NOT enabled. Otherwise, you will end up having to sign the ZFS module in order to get it to load. * We will, for the moment, be using CentOS-based containers, as LXC does not yet have Rocky Linux images. Stay tuned for updates, because this will likely change with time. -!!! Note +!!! Note + This has changed! Feel free to substitute in Rocky Linux containers in the examples below. ## Part 1 : Getting The Environment Ready 
diff --git a/docs/guides/contribute/navigation.md b/docs/guides/contribute/navigation.md index 0a3e3e5f56..1b412c1909 100644 --- a/docs/guides/contribute/navigation.md +++ b/docs/guides/contribute/navigation.md @@ -44,7 +44,8 @@ Doing this effectively requires: * Linking to the `docs` folder within your cloned documentation repository (you can also just modify the mkdocs.yml file if you wish to load the correct folder, but linking keeps your mkdocs environment cleaner) * Running `mkdocs serve` within your clone of docs.rockylinux.org -!!! Note +!!! Note + This document was written in a Linux environment. If your environment is different (Windows or Mac), then you will need to do a little research on matching up to some of these steps. An editor or manager reading this can submit changes to it to add in steps for those environments. ### Installing diff --git a/docs/guides/desktop/mate_installation.md b/docs/guides/desktop/mate_installation.md index 82db2a6cf6..da3637a526 100644 --- a/docs/guides/desktop/mate_installation.md +++ b/docs/guides/desktop/mate_installation.md @@ -4,7 +4,8 @@ The MATE desktop environment was created to fork and continue GNOME2 in the wake This procedure is designed to get you up and running with Rocky Linux using MATE. -!!! Warning +!!! Warning + MATE does not come from Rocky Linux repositories. It is not officially supported by Rocky Linux. For most users, this procedure will work as expected, but if you have issues, please note that the Rocky developers and test group will do NO work on any failures! If you want MATE badly enough, then troubleshoot your issues and fix as needed. If you find something that you feel should be included in this procedure to help others, push a change to the document. ## Prerequisites 
@@ -26,7 +27,8 @@ Enable this repository by entering: `dnf copr enable stenstorp/MATE` -!!! Warning +!!! Warning + The `copr` build system creates a repository that is known to work for installing `mate` and `lightdm` (below), but is not maintained by the Rocky Linux community. Use at your own risk! You will get a warning message about the repository, but go ahead and enable it by typing `Y` to allow. diff --git a/docs/guides/desktop/xfce_installation.md b/docs/guides/desktop/xfce_installation.md index 1fe06911b6..45935c3eb5 100644 --- a/docs/guides/desktop/xfce_installation.md +++ b/docs/guides/desktop/xfce_installation.md @@ -38,7 +38,8 @@ You also need the Powertools and lightdm repositories. Go ahead and enable those `dnf copr enable stenstorp/lightdm` -!!! Warning +!!! Warning + The `copr` build system creates a repository that is known to work for installing `lightdm`, but is not maintained by the Rocky Linux community. Use at your own risk! Again, you will be presented with a warning message about the repository. Go ahead and answer `Y` to the prompt. diff --git a/docs/guides/git/git_wf_git-cola_atom.md b/docs/guides/git/git_wf_git-cola_atom.md index cd8ca8feca..131c6224d7 100644 --- a/docs/guides/git/git_wf_git-cola_atom.md +++ b/docs/guides/git/git_wf_git-cola_atom.md @@ -27,7 +27,8 @@ This particular workflow uses the following components: --- -!!! Note +!!! Note + While both Atom and Git Cola are described as optional, you'll need at least one of them for this particular workflow. This author likes to use both: one for the GitHub portion (Git Cola), and one for the editing portion (Atom). --- 
@@ -157,7 +158,8 @@ I use Git Cola for setting up the remotes (as we have already seen), branching, You always want to create a branch by using the "main" as the template. Make sure that "main" is selected in the "Branches" listing on the right-hand side of Git Cola, then click "Branch" top menu item and "Create." Type a name for your new branch. -!!! Note +!!! Note + When naming branches, consider using descriptive names. These will help add clarity when you push them upstream. For instance, the author uses an "rl_" prefix when creating a new document, and then appends the a descriptive short name for what the document is. For edits, the author uses "edit_" as the prefix followed by a short name about what the edit is for. As an example, below you can see the "Branches" listing, which shows "rl_git_workflow": diff --git a/docs/guides/installation.md b/docs/guides/installation.md index 77ce565e20..bfa6e3e777 100644 --- a/docs/guides/installation.md +++ b/docs/guides/installation.md @@ -33,7 +33,8 @@ Rocky-.--.iso For example, `Rocky-8.5-x86_64-minimal.iso` -!!! Note +!!! Note + Rocky project web page has a listing of several mirrors located all over the world. Whenever possible, you should choose the mirror geographically closest to you. The list of official mirrors can be found [here](https://mirrors.rockylinux.org/mirrormanager/mirrors). ## Verifying the Installer ISO File @@ -60,7 +61,8 @@ Rocky-8.5-x86_64-minimal.iso: OK ## The Installation -!!! Tip +!!! Tip + Before starting the installation proper, the system’s Unified Extensible Firmware Interface (UEFI) or Basic Input/Output System (BIOS) should be preconfigured to boot from the correct medium. If the computer is setup to boot from the media that has the ISO file we can begin the installation process. 
@@ -127,7 +129,8 @@ Under the _Software_ section of the _Installation Summary_ screen, you can selec Since we are performing our installation using a full Rocky 8 image, you will notice that _Local Media_ is automatically specified under the Installation Source section of the main _Installation Summary_ screen. We'll accept the preset defaults. -!!! Tip +!!! Tip + The installation Source area is where you can opt to perform a network based installation. For a network based installation, you need to first ensure that a network adapter on the target system is properly configured, and is able to reach the internet. To perform a network based installation, click on `Installation Source` and then select the `On the network` radio button. Once selected, choose `https` as the protocol and type the following URL in the text field `download.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os`. Click `Done`. #### Software Selection 
@@ -161,19 +164,22 @@ Once the installer determines that you have a usable disk, you will be returned The final task of the installation procedure deals with network configuration, where you can configure or tweak network-related settings for the system. -!!! Note +!!! Note + After you click on the Network & Hostname option, all correctly detected network interface hardware (such as Ethernet, wireless network cards, and so on) will be listed in the left pane of the network configuration screen. Depending on the Linux distribution and the specific hardware setup, Ethernet devices in Linux have names similar to `eth0`, `eth1`, `ens3`, `ens4`, `em1`, `em2`, `p1p1`, `enp0s3`, and so on. For each interface, you can either configure it using DHCP or manually set the IP address. If you choose to configure manually, be sure to have all the pertinent information ready, such as the IP address, netmask, and so on. Clicking the Network & Hostname button in the main _Installation Summary_ screen opens the corresponding configuration screen. Among other things, you have the option to configure the hostname of the system (the name defaults to `localhost.localdomain`). -!!! Note +!!! Note + You can easily change this name later on after the OS has been installed. For now, accept the default value supplied for the hostname. The next important configuration task is related to the network interfaces on the system. First, verify that an Ethernet card (or any network card) is listed in the left pane. Click any of the detected network devices in the left pane to select it. The configurable properties of the selected network adapter will appear in the right pane of the screen. -!!! Note +!!! Note + On our sample system, we have two Ethernet devices (`ens3` and `ens4`), all of which are in a connected state. The type, name, quantity, and state of the network devices on your system may vary from the ones on our sample system. 
Make sure the switch of the device you want to configure is flipped to the `ON` position in the right pane. @@ -181,7 +187,8 @@ We'll accept all the defaults in this section. Click Done to return to the main _Installation Summary_ screen. -!!! Warning +!!! Warning + Pay attention to the IP address of the server in this section of this installer. If you don’t have physical or easy console access to the system, this information will come in handy later on when you need to connect to the server to continue working on it. ## Installer Phase @@ -196,7 +203,8 @@ This section can be used for creating a password for the `root` user account and Click the _Root Password_ field under _User Settings_ to launch the _Root Password _ task screen. In the _Root Password_ text box, set a strong password for the root user. -!!! Warning +!!! Warning + The root superuser is the most privileged account on the system. Therefore, if you choose to use or enable it, it is crucial that you protect this account with a strong password. Enter the same password again in the _Confirm_ text box. @@ -208,7 +216,8 @@ Click Done. Next click the _User Creation_ field under _User Settings_ to launch the _Create User_ task screen. This task area allows you to create a privileged or non-privileged (non-administrative) user account on the system. -!!! Info +!!! Info + Creating and using a non-privileged account for day-to-day tasks on a system is a good system administration practice. We’ll create a regular user that can invoke superuser (administrator) powers, the same as the root user, when needed. 
@@ -237,7 +246,8 @@ _Confirm password_: Once you are satisfied with your choices for the various installation tasks, click the Begin Installation button on the main _Installation Summary_ screen. The installation will begin, and the installer will show the progress of the installation. When the installation begins, various tasks will begin running in the background, such as partitioning the disk, formatting the partitions or LVM volumes, checking for and resolving software dependencies, writing the operating system to the disk, and so on. -!!! Note +!!! Note + If you do not wish to continue after clicking the Begin Installation button, you can still safely back out of the installation without any loss of data. To quit the installer, simply reset your system either by clicking the Quit button, pressing ctrl-alt-del on the keyboard, or pushing the reset or power switch. ### Complete the Installation diff --git a/docs/guides/proxies/haproxy_apache_lxd.md b/docs/guides/proxies/haproxy_apache_lxd.md index a5bae0e872..92925ff8f1 100644 --- a/docs/guides/proxies/haproxy_apache_lxd.md +++ b/docs/guides/proxies/haproxy_apache_lxd.md @@ -66,7 +66,8 @@ Next we need to modify the `macvlan` profile. But before we do, we need to know link/ether a8:5e:45:52:f8:b6 brd ff:ff:ff:ff:ff:ff inet 192.168.1.141/24 brd 192.168.1.255 scope global dynamic noprefixroute eno1 ``` -!!! Note +!!! Note + In this case, the interface we are looking for is "eno1" but this could be completely different on your system. Use **your** interface information! Now that we know the LAN interface, we can modify our `macvlan` profile. To do this, at the command line type: diff --git a/docs/guides/rocky_linux_installation_8.4.md b/docs/guides/rocky_linux_installation_8.4.md index cb6f97300f..f3bbeb9da2 100644 --- a/docs/guides/rocky_linux_installation_8.4.md +++ b/docs/guides/rocky_linux_installation_8.4.md 
@@ -10,7 +10,8 @@ This guide walks through the detailed steps to install a 64-bit version of the R In this guide we will be performing a server class install using an operating system installer image downloaded from the Rocky Linux project website. We will step through the installation and customization steps in the following sections. **** -!!! Note +!!! Note + Wherever there is a command which is run from the command prompt it will be assumed that you are logged in as a standard user (not the superuser). The command to type will not show the command prompt which could be different depending on the system and operating system you are using. ## OS Installation Prerequisites @@ -37,7 +38,8 @@ Rocky-.--.iso For example, `Rocky-8.4-x86_64-minimal.iso` -!!! Note +!!! Note + Rocky project web page has a listing of several mirrors located all over the world. Whenever possible, you should choose the mirror geographically closest to you. The list of official mirrors can be found [here](https://mirrors.rockylinux.org/mirrormanager/mirrors). ## Verifying the Installer ISO File @@ -64,7 +66,8 @@ Rocky-8.4-x86_64-minimal.iso: OK ## The Installation -!!! Tip +!!! Tip + Before starting the installation proper, the system’s Unified Extensible Firmware Interface (UEFI) or Basic Input/Output System (BIOS) should be preconfigured to boot from the correct medium. If the computer is setup to boot from the media that has the ISO file we can begin the installation process. 
@@ -162,19 +165,22 @@ Once the installer determines that you have a usable disk, you will be returned The final task of the installation procedure deals with network configuration, where you can configure or tweak network-related settings for the system. -!!! Note +!!! Note + After you click on the Network & Hostname option, all correctly detected network interface hardware (such as Ethernet, wireless network cards, and so on) will be listed in the left pane of the network configuration screen. Depending on the Linux distribution and the specific hardware setup, Ethernet devices in Linux have names similar to `eth0`, `eth1`, `ens3`, `ens4`, `em1`, `em2`, `p1p1`, `enp0s3`, and so on. For each interface, you can either configure it using DHCP or manually set the IP address. If you choose to configure manually, be sure to have all the pertinent information ready, such as the IP address, netmask, and so on. Clicking the Network & Hostname button in the main _Installation Summary_ screen opens the corresponding configuration screen. Among other things, you have the option to configure the hostname of the system (the name defaults to `localhost.localdomain`). -!!! Note +!!! Note + You can easily change this name later on after the OS has been installed. For now, accept the default value supplied for the hostname. The next important configuration task is related to the network interfaces on the system. First, verify that an Ethernet card (or any network card) is listed in the left pane. Click any of the detected network devices in the left pane to select it. The configurable properties of the selected network adapter will appear in the right pane of the screen. -!!! Note +!!! Note + On our sample server, we have four Ethernet devices (`ens3`, `ens4`, `ens5` and `ens6`), all of which are in a connected state. The type, name, quantity, and state of the network devices on your system may vary from the ones on our sample system. 
Make sure the switch of the device you want to configure is flipped to the `ON` position in the right pane. @@ -182,7 +188,8 @@ We'll accept all the defaults in this section. Click Done to return to the main _Installation Summary_ screen. -!!! Warning +!!! Warning + Pay attention to the IP address of the server in this section of this installer. If you don’t have physical or easy console access to the system, this information will come in handy later on when you need to connect to the server to continue working on it. ## Installer Phase @@ -197,7 +204,8 @@ This section can be used for creating a password for the `root` user account and Click the _Root Password_ field under _User Settings_ to launch the _Root Password _ task screen. In the _Root Password_ text box, set a strong password for the root user. -!!! Warning +!!! Warning + The root superuser is the most privileged account on the system. Therefore, if you choose to use or enable it, it is crucial that you protect this account with a strong password. Enter the same password again in the _Confirm_ text box. @@ -209,7 +217,8 @@ Click Done. Next click the _User Creation_ field under _User Settings_ to launch the _Create User_ task screen. This task area allows you to create a privileged or non-privileged (non-administrative) user account on the system. -!!! Info +!!! Info + Creating and using a non-privileged account for day-to-day tasks on a system is a good system administration practice. We’ll create a regular user that can invoke superuser (administrator) powers, the same as the root user, when needed. 
@@ -238,7 +247,8 @@ _Confirm password_: Once you are satisfied with your choices for the various installation tasks, click the Begin Installation button on the main _Installation Summary_ screen. The installation will begin, and the installer will show the progress of the installation. -!!! Note +!!! Note + If you do not wish to continue after clicking the Begin Installation button, you can still safely back out of the installation without any loss of data. To quit the installer, simply reset your system either by clicking the Quit button, pressing ctrl-alt-del on the keyboard, or pushing the reset or power switch. When the installation begins, various tasks will begin running in the background, such as partitioning the disk, formatting the partitions or LVM volumes, checking for and resolving software dependencies, writing the operating system to the disk, and so on. diff --git a/docs/guides/security/authentication/active_directory_authentication.md b/docs/guides/security/authentication/active_directory_authentication.md index 64fcef01ac..542991afa0 100644 --- a/docs/guides/security/authentication/active_directory_authentication.md +++ b/docs/guides/security/authentication/active_directory_authentication.md @@ -27,7 +27,8 @@ Directory, and will not include any extra configuration on the Windows side. ## Discovering and joining AD using SSSD -!!! Note +!!! Note + Throughout this guide, the domain name `ad.company.local` will be used to represent the Active Directory domain. To follow this guide, replace it with the actual domain name your AD domain uses. diff --git a/docs/guides/security/learning_selinux.md b/docs/guides/security/learning_selinux.md index c48b52caec..87783c9af4 100644 --- a/docs/guides/security/learning_selinux.md +++ b/docs/guides/security/learning_selinux.md 
@@ -128,7 +128,8 @@ httpd_can_sendmail (off , off) Allow httpd to send mail … ``` -!!! Note +!!! Note + As you can see, there is a `default` state (eg. at startup) and a running state. The `setsebool` command is used to change the state of a boolean object: @@ -148,7 +149,8 @@ sudo setsebool -P httpd_can_sendmail on | `-P` | Changes the default value at startup (otherwise only until reboot) | | `-V` | Deletes an object | -!!! Warning +!!! Warning + Don't forget the `-P` option to keep the state after the next startup. ### Administering Port objects @@ -232,7 +234,8 @@ sudo setenforce 0 The `/etc/sysconfig/selinux` file allows you to change the operating mode of SELinux. -!!! Warning +!!! Warning + Disabling SELinux is done at your own risk! It is better to learn how SELinux works than to disable it systematically! Edit the file `/etc/sysconfig/selinux` @@ -241,7 +244,8 @@ Edit the file `/etc/sysconfig/selinux` SELINUX=disabled ``` -!!! Note +!!! Note + `/etc/sysconfig/selinux` is a symlink to `/etc/selinux/config` Reboot the system: @@ -250,7 +254,8 @@ Reboot the system: sudo reboot ``` -!!! Warning +!!! Warning + Beware of the SELinux mode change! In permissive or disabled mode, newly created files will not have any labels. @@ -342,7 +347,8 @@ To make a context change survive to a `restorecon`, you have to modify the defau semanage fcontext -a options file ``` -!!! Note +!!! Note + If you are performing a context switch for a folder that is not standard for the system, creating the rule and then applying the context is a good practice as in the example below! Example: diff --git a/docs/guides/virtualization/vbox-rocky.md b/docs/guides/virtualization/vbox-rocky.md index d89b03f3fd..39ade2396b 100644 --- a/docs/guides/virtualization/vbox-rocky.md +++ b/docs/guides/virtualization/vbox-rocky.md 
@@ -19,7 +19,8 @@ This document is an attempt to give a step-by-step set of instructions for getti * A copy of the Rocky Linux [DVD ISO](https://rockylinux.org/download) for your architecture. (x86_64 or ARM64). * Ensure that your OS is 64 bit and that hardware virtualization is turned on in your BIOS. -!!! Note +!!! Note + Hardware virtualization is 100% necessary in order to install a 64 bit OS. If your configuration screen shows only 32-bit options, then you need to stop and fix this before continuing. ## Preparing The VirtualBox® Configuration @@ -114,7 +115,8 @@ This time: * In the "Screen" tab on the right-hand side, you'll notice the "Video Memory" option with the default set to 16 MB. * Change this to the value that you want. You can adjust this upwards by coming back to this screen anytime. In our example, we are selecting 128 MB now. -!!! Tip +!!! Tip + There are ways to set the video memory up to 256 MB. If you need more, check out [this document](https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/vboxmanage-modifyvm.html) from Oracle's official documentation. Your screen should look something like this: @@ -147,7 +149,8 @@ After installing and rebooting you will get a EULA license agreement screen that It is not the intent of this document to make you an expert on all of the features that VirtualBox® can provide. For information on how to do specific things please check the [official documentation](https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/). -!!! tip "Advanced Tip" +!!! tip "Advanced Tip" + VirtualBox® offers extensive options at the command line using `VBoxManage`. While this document does not cover the use of `VBoxManage`, Oracle's official documentation provides [plenty of details](https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/vboxmanage-intro.html) if you would like to research this further. ## Conclusion diff --git a/docs/index.en.md b/docs/index.en.md index a057dc4af7..2c98555525 100644 
--- a/docs/index.en.md +++ b/docs/index.en.md @@ -36,7 +36,8 @@ Of course not everyone has English as their first language! At Rocky Linux we wa 1. Website interface localisation: if you choose another language, for example Français, you will note that the interface, for example the 'Next' and 'Previous' navigators, will be localised. 1. Content: translating content is, obviously, an ongoing (significant) task. Not all content is translated into all languages yet. Any pages that have been translated (into the language selected) will be seen in the chosen language, those that have not will fall back to the default language English. If you want to contribute to the community through translations the documentation team would love to hear from you — see below for details. -!!! note +!!! note + Not all functionality may be available in all languages, this is a limitation of the underlying MkDocs modules available. ### Using Search diff --git a/docs/labs/security/lab9-cryptography.md b/docs/labs/security/lab9-cryptography.md index 04a6c8060d..b870f6bb3c 100644 --- a/docs/labs/security/lab9-cryptography.md +++ b/docs/labs/security/lab9-cryptography.md @@ -121,8 +121,9 @@ If it isn’t, get the super-user to install it. `[ying@serverXY ying]$ gpg --list-keys` -!!! NOTE -You shouldn’t have any keys in your key-ring yet. But the above command will also help create a default environment to enable you create a new key-pair successfully the first time. +!!! NOTE + + You shouldn’t have any keys in your key-ring yet. But the above command will also help create a default environment to enable you create a new key-pair successfully the first time. List the hidden directories in your home directory again. What is the name of the new directory added? 
@@ -150,9 +151,9 @@ Your selection? 1 At the prompt for the type of key your want to create accept the default i.e.(DSA and ElGamal). Type 1 -!!! WARNING +!!! WARNING -Option (1) will create two key-pairs for you. The DSA key-pair will be the primary keypair - for making digital signatures and a subordinate ELGamel keypair for data encryption. + Option (1) will create two key-pairs for you. The DSA key-pair will be the primary keypair - for making digital signatures and a subordinate ELGamel keypair for data encryption. 6. You will create an ELG-E keysize of 1024. Accept the default again at the prompt below: @@ -317,17 +318,15 @@ To export your public keys [ying@serverXY ying\]$ ***gpg --output ying-pub.gpg --export <your\_key’s\_user\_ID>*** -!!! NOTE - -Please replace <your\_key’s\_user\_ID> with any string that correctly identifies +!!! NOTE -your keys. On our sample system this value can be any one of the following: + Please replace <your\_key’s\_user\_ID> with any string that correctly identifies your keys. On our sample system this value can be any one of the following: -ying@serverXY, ying, yang + ying@serverXY, ying, yang -OR + OR -The actual key ID - 1D12E484 + The actual key ID - 1D12E484 2. Export your public key to a file called “ying-pub.asc”. But this time generate it in @@ -513,9 +512,9 @@ gpg: decryption failed: secret key not available command to decrypt the file. Were they more successful in decrypting the file. -!!! NOTE +!!! NOTE -Be very careful when decrypting binary files ( e.g. programs), because after successfully decrypting a file gpg will attempt to send the contents of the file to standard output. + Be very careful when decrypting binary files ( e.g. programs), because after successfully decrypting a file gpg will attempt to send the contents of the file to standard output. Make a habit of using the command below instead when decrypting files: 
@@ -525,7 +524,7 @@ This forces sending the output to a file called “encrypt-sec”. Which can then be viewed (or run) using any program that is suited for the file (or content) type. -!!! TIPS +!!! TIPS 1. Most of the commands and options used with the gpg program also have short forms that results in less diff --git a/docs/release_notes/8_4.md b/docs/release_notes/8_4.md index d06e279c05..3b0617d57e 100644 --- a/docs/release_notes/8_4.md +++ b/docs/release_notes/8_4.md @@ -16,7 +16,8 @@ You have made Rocky Linux what it is today, and as we go forward from this relea ## Supported Upgrades -!!! warning +!!! warning + Migration to Rocky Linux 8.4 is **not** supported from Rocky Linux 8.3 RC1, Rocky Linux 8.4 RC1, or any other release candidates. ### Conversion Tool Available @@ -94,7 +95,8 @@ Brand new in Rocky Linux 8.4 are the following new module streams: As with any release, there are sometimes bugs or issues found in the process of building that have not yet been patched or fixed upstream. We will be updating this section with new items or bugs as they are discovered. -!!! note "A Note about Secure Boot" +!!! note "A Note about Secure Boot" + We know many of you depend on Secure Boot. It is a non-trivial process to get Secure Boot for a new OS. This process is underway and the [shim-review](https://github.com/rhboot/shim-review) process should begin very soon. Rocky Linux version 8.4 will initially be released **without** Secure Boot support enabled by default. However, once the proper packages have been built and signed, another set of ISOs for Rocky Linux version 8.4 will be released **with** Secure Boot support available.
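Review bot: in `docs/guides/automation/templates-automation-packer-vsphere.md`, hunk `@@ -406,7 +409,8 @@`, the Warning being reformatted sits directly under `rootpw mysecurepassword`, so the kickstart example still carries a cleartext root password and relies on a later Ansible run to replace it. Since the admonition is being touched anyway, consider having it point to the hashed form (`rootpw --iscrypted` followed by a password hash), so a template built from this example does not ship a known plaintext credential if the post-deployment change is skipped or fails.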
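Review bot: in `docs/guides/virtualization/vbox-rocky.md`, hunk `@@ -147,7 +149,8 @@`, the marker is written `!!! tip "Advanced Tip"` in lower case while the two earlier hunks in the same file use `!!! Note` and `!!! Tip`, and other files in this patch use `!!! note`, `!!! warning` and `!!! NOTE`. The marker lines are being rewritten here anyway, so pick one casing for the admonition type and apply it across the series.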
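Review bot: in `docs/labs/security/lab9-cryptography.md`, hunk `@@ -150,9 +151,9 @@`, the re-indented WARNING line still reads "subordinate ELGamel keypair" while the context sentence just above it spells the algorithm "ElGamal". The line is being re-added in this hunk, so correct the spelling here, and settle on either "key-pair" or "keypair", since the same sentence uses both.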
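Review bot: in `docs/labs/security/lab9-cryptography.md`, hunk `@@ -317,17 +318,15 @@`, the rewritten NOTE body keeps "The actual key ID - 1D12E484" as the most specific way to name the key, but that is an 8-hex-digit short ID, which does not uniquely identify a key. Because this block is being rewritten line by line, consider showing the full fingerprint or long key ID as the example value, and put the sample identifiers (`ying@serverXY`, `ying`, `yang`) in backticks so the `<your\_key’s\_user\_ID>` escapes are no longer needed.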
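Review bot: in `docs/labs/security/lab9-cryptography.md`, hunk `@@ -525,7 +524,7 @@`, only the `!!! TIPS` marker line changes and the numbered list that follows ("1. Most of the commands and options ...") stays a context line, whereas every other admonition hunk in this file moves its body onto four-space-indented `+` lines. If the list is not already indented it will render outside the admonition, so indent it in this hunk as well. `TIPS` is also not one of the types used anywhere else in the patch (`Note`, `Tip`, `Warning`, `Info`); `!!! Tip` would match the rest.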