SysAdmin - Storage management

Linux Foundation Certified SysAdmin (LFCS): Storage management

Manage physical storage partitions

Always create a backup before doing this: repartitioning can destroy the data on the disk.

  • fdisk
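    # list block devices (disks and partitions) and where they are mounted
    lsblk
    # partition the disk: open the whole device '/dev/xvdf' in fdisk
    sudo fdisk /dev/xvdf
    # now you use fdisk's interactive commands; the 'a' (bootable) flag is from "before UEFI" times
    g # create a new, empty GPT partition table (existing partitions are dropped once written)
    p # print the current partition table
    n # new partition
    # add first sector and partition size when prompted
    w # write the changes to disk and exit ('q' would quit without saving them)
    # check the list of block devices again
    lsblk
    # remove that new partition (number 2)
    sudo fdisk /dev/xvdf
    d # delete
    2 # partition id, to delete it
    w # write the changes to disk; fdisk exits after writing, so no 'q' is needed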
  • gparted and parted CLI
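    # open the same disk that was used with fdisk ('/dev/xvdf') in parted's interactive shell
    sudo parted /dev/xvdf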

    Maximum number of primary partitions on an MBR disk device = 4

LVM storage

Logical Volume Managers -> group physical devices together, as a single thing

  • Create partitions

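    yum install lvm2
    # let's join multiple partitions or devices
    # partition type 8e = Linux LVM
    sudo fdisk /dev/xvdf
    # create multiple partitions, primary type, type Linux LVM
    # add data about that partition
    l # show list of partition types
    t # change the partition type
    8e # LVM
    # create physical volumes (pvcreate overwrites whatever is on these partitions)
    pvcreate /dev/xvdf1 /dev/xvdf2

    ## create volume group
    vgcreate tinydata /dev/xvdf1 /dev/xvdf2
    # create logical volume: --name is the logical volume name, the last value is the volume group
    lvcreate --name logical-tiny --size 600M tinydata
    # show what we have
    lvdisplay

    # use expandable file system (ext4)
    mkfs -t ext4 /dev/tinydata/logical-tiny
    # mount it
    cd /mnt
    mkdir teeny
    mount /dev/tinydata/logical-tiny /mnt/teeny
    # show results
    df -h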
  • Extend a previously existing volume

    # create a backup before this! Repartitioning and resizing can destroy data
    fdisk /dev/xvdf
    # reboot
    # create a new physical volume
    pvcreate /dev/xvdf3

    # extend the volume group with the new partition
    vgextend tinydata /dev/xvdf3
    vgdisplay # check the free extents available to add (e.g. 105)
    # grow the logical volume by 105 extents (-l counts extents, not bytes)
    lvextend -l +105 /dev/tinydata/logical-tiny
    # resize file system
    # check the file system first (-f forces the check)
    # NOTE(review): e2fsck should run on an unmounted file system; confirm the volume was unmounted before this step
    e2fsck -f /dev/tinydata/logical-tiny
    # grow the file system to fill the enlarged logical volume
    resize2fs /dev/tinydata/logical-tiny
    mount /dev/tinydata/logical-tiny /mnt/teeny
  • Check volumes

    pvs # physical volume list
    vgs # volume group list
    lvs # logical volume list

Encrypted storage

  • Format
    # was the running kernel built with dm-crypt (the encryption target)? =y built in, =m module
    grep -i config_dm_crypt /boot/config-$(uname -r)
    yum install cryptsetup
    # check partitions
    lsblk

    # create the encrypted partition: luksFormat overwrites the partition, so its existing data is lost
    # -y asks for the passphrase twice to catch typos
    cryptsetup -y luksFormat /dev/xvdf1
    # enter the passphrase when prompted; without it the encrypted data cannot be recovered
  • Use
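    # open (unlock) it with the passphrase; the mapping appears as /dev/mapper/mySecret
    cryptsetup luksOpen /dev/xvdf1 mySecret
    # list devices
    lsblk
    # is it mounted?
    df -h
    # create file system (first use only: mkfs erases whatever is on the mapped device)
    mkfs -t ext4 /dev/mapper/mySecret
    # mount it (the mount point must exist first)
    mkdir -p /mnt/encrypted
    mount /dev/mapper/mySecret /mnt/encrypted
    # walk on by
    cd /mnt/encrypted
    ls -la
    df -h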
  • Close
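    # unmount first (leave the directory beforehand, umount fails while it is in use),
    # then close the mapping so the data is locked again
    umount /mnt/encrypted
    cryptsetup luksClose mySecret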

Mount FS at or during boot

  1. Find information
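    # file system table: check the manual
    man fstab
    lsblk
    # get the UUID
    sudo blkid
    # add to the table
    sudo nano /etc/fstab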
  2. Edit table file and it is done
    # fields: device (by UUID) __ mount point __ type __ options __ dump (0 = no dumps) __ fsck pass order
    UUID="f23e9b01-fdb4-4d40-997e-e85b0afa0bb8" /mnt/ext4 ext4 defaults 0 2

Swap space

  • swap = when there is not enough RAM, the kernel moves inactive pages to disk
  • Never below 32MB!
  • Turn off with swapoff -a, turn on with swapon -a
  • Configured at boot time at fstab
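    # /etc/fstab is a file, so the path takes no trailing slash
    nano /etc/fstab
    # check this line '/root/swap swap swap sw 0 0'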

The swap file must have permissions of at least 0644, but 0600 is recommended, in order to be enabled with the ‘mkswap’ and ‘swapon’ commands. Swap holds paged-out process memory, so other users should not be able to read it.

# example
sudo su
# create a 512 MiB file of zeros (1024-byte blocks x 524288)
dd if=/dev/zero of=/root/extraswap.swp bs=1024 count=524288
# owner-only access: swap holds paged-out memory, so other users must not be able to read it
chmod 600 /root/extraswap.swp
# write the swap signature, then enable the file as swap
mkswap /root/extraswap.swp
swapon /root/extraswap.swp
# confirm the new swap area is active
cat /proc/swaps
# to enable it at boot, edit /etc/fstab to include the line: /root/extraswap.swp swap swap defaults 0 0

RAID devices

Redundant Array of Independent Disks -> unify presentation of devices + use that space for file durability

  • Create
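    fdisk /dev/xvdf
    # create all partitions, type: fd
    # install the multi-disk admin tool
    apt-get install mdadm
    # in case something goes wrong (update at the same time)
    dpkg --configure -a
    ## creation
    # NOTE: --level=stripe is RAID 0: it combines capacity but gives no redundancy,
    # so losing one member loses the whole array
    mdadm --create --verbose /dev/md0 --level=stripe --raid-devices=2 /dev/xvdf1 /dev/xvdf2
    # check if everything went fine
    cat /proc/mdstat
    mdadm --detail /dev/md0
    # file system
    mkfs -t ext4 /dev/md0
    # mount
    mount /dev/md0 /mnt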
  • Manage
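    # make it permanent
    # get the ARRAY line
    mdadm --detail --scan
    # edit file adding the ARRAY line at the end of file
    nano /etc/mdadm/mdadm.conf
    mdadm --assemble --scan
    # update on ubuntu
    update-rc.d mdadm defaults
    ## mdmonitor for CentOS
    nano /etc/default/mdadm
    # AUTOSTART=true

    # check if you get failures
    mdadm --detail /dev/md0
    # add safeguard: "if md0 fails use md2"
    # NOTE(review): --add attaches another device to md0; a striped (RAID 0) array
    # has no redundancy to fall back on, so confirm the array level before relying on this
    mdadm /dev/md0 --add /dev/md2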

Mount file systems on demand

  • connect to a samba share at will
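    yum install samba-client samba-common cifs-utils
    ## on your usual private network, -L for list
    # smbclient -U user -L share
    ## use IP on public network
    # NOTE(review): 172.31.2.893 is not a valid IPv4 address (an octet cannot exceed 255); substitute the server's real IP
    smbclient -I 172.31.2.893 -U user -L share

    # create the mount point for the samba share; the fstab entry expects it and the credentials file under /mnt
    cd /mnt
    mkdir samba
    # create the credentials file with owner-only permissions before any secret is written to it
    ( umask 077; : > .smbcredentials )
    echo "username=user" >> .smbcredentials
    # 'p4ss' is a sample value; a password typed on the command line is kept in shell history,
    # so prefer adding this line with an editor
    echo "password=p4ss" >> .smbcredentials
    # it is plain text, so keep it readable and writable by the owner only
    chmod 600 .smbcredentials

    sudo nano /etc/fstab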
  • edit fstab: use IPs
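    # cifs always; /etc/fstab is world-readable, so the password stays in the credentials file, never inline here
    # NOTE(review): 172.31.2.893 is not a valid IPv4 address (an octet cannot exceed 255); substitute the server's real IP
    //172.31.2.893/myshare /mnt/samba cifs credentials=/mnt/.smbcredentials,defaults 0 0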
  • mount
    # mount everything listed in fstab (entries marked noauto are skipped)
    mount -a

Advanced file system permissions

  • Check with ls -la, use chmod
  • ‘Sticky’ bit prevents users from deleting files they are not the owner of (value=1 or T)
    # check which user I am (use `id` to also see my groups)
    whoami
    # check permissions with `ls -la`

    ## set the sticky bit (e.g. can not delete other users' files)
    # the 'sticky' bit goes before the permissions (the mode now has 4 octal digits)
    sudo chmod 1770 adv-perm/
    # with the sticky bit set, you see a 'T' in the `ls -la` output
  • Set gid bit (group ownership: value=2)
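    # the setgid bit is set with chmod (leading 2 in the mode), not with a 'setgid' command
    sudo chmod 2750 adv-perm/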
  • Both sticky bit and gid bit (value=3)
    # leading 3 = 1 (sticky) + 2 (setgid)
    sudo chmod 3770 adv-perm/
  • Find directory by this kind of permissions
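    # -perm -2000 matches directories that have at least the setgid bit set;
    # '.' names the start directory explicitly (not every find defaults to it)
    sudo find . -type d -perm -2000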
  • Run an app with someone else’s permissions (e.g. password app -> value=4)
    ls -la paasw # -rw-r--r-- 1 (no 's' bit); NOTE(review): 'paasw' looks like a typo, confirm the intended file
    # the change-password command works!
    passwd
    # setuid -> execute with the file owner's permissions instead of mine
    which passwd # where is it
    cd /usr/bin
    ls -la passwd # -rwsr-xr-x 1 -> the 's' marks this
    # I can change my own password, root can too, everyone else can not
    # a setuid program runs with its owner's privileges for every caller,
    # so set this bit only on programs that are meant to have it
    sudo chmod 4755 passwd

Setup user and group disk quotas for file systems

  1. Install quota
    sudo apt-get install quota
    # edit fstab
    nano /etc/fstab
  2. Edit fstab
    # add usrquota to the options field (the field after ext4)
    LABEL=cloudimg-rootfs / ext4 defaults,discard,usrquota 0 0
  3. Remount the root and check the quota
    # remount the root so the edited fstab options are applied
    mount -o remount /
    ## try avoiding having users uploading something while doing this
    ## -c=create quota files, -u=user quota file, -g=group quota file, -m=do not remount read-only
    quotacheck -cugm /
    # edit the quota file for user1
    edquota user1
  4. Edit the quota file (0=no limits)
    # 200MB = 20000000
    # NOTE(review): quota block limits are normally counted in 1 KiB blocks, which would make
    # 20000000 about 20 GB; confirm the intended limit
    Filesystem blocks soft hard inodes soft hard
    /dev/xvda1 24 20000000 25000000 8 0 0
  5. Check for user
    # quota usage and limits for a certain user
    quota user1
    # get a report for all file systems with quotas
    repquota -a
  6. Set up the grace period (you have some time to get back under the limit)
    # -t edits the grace periods instead of a user's limits
    edquota -t
  7. Edit the grace quota file
    Filesystem   block grace period  Inode grace period
    /dev/xvda1 7 days 7 days

Create and configure file systems

  1. Create ext4
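    ## check status: there is '/dev/xvf1' partition
    # NOTE(review): '/dev/xvf1' is presumably '/dev/xvdf1'; confirm the device name in the lsblk output
    lsblk
    ## create partition file system (mkfs erases whatever is on the partition)
    # -t=type, -V=verbose, -v=version
    # you may also add partition size, else it is default value
    sudo mkfs -t ext4 /dev/xvf1
    # create the mount point
    sudo mkdir -p /mnt/ext4
    # mount the partition on the directory that was just created
    sudo mount /dev/xvf1 /mnt/ext4
    ## check status: '/dev/xvf1' now shows its mount point
    lsblk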
  2. Create btrfs
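    # prepare a second partition on '/dev/xvf2'
    # create the mount point at the same path the mount command uses
    sudo mkdir -p /mnt/btrfs
    # mkfs erases whatever is on the partition
    sudo mkfs -t btrfs /dev/xvf2
    sudo mount /dev/xvf2 /mnt/btrfs
    ## check status: there is '/dev/xvf2' partition
    lsblk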