
Red Hat® Training

CHAPTER 1

CONTROLLING SERVICES AND DAEMONS

Overview

Goal: To review how to manage services and the boot-up process using systemctl.

Objectives:
• Manage how systemd starts up system daemons and network services, using systemctl.
• Control and troubleshoot system boot using systemd targets.

Sections:
• Controlling Services with systemctl (and Practice)
• Controlling the Boot Process (and Practice)

Lab:
• Controlling Services and Daemons

RH254-RHEL7-en-1-20140711

Controlling Services with systemctl

Objectives
After completing this section, students should be able to:

• List system daemons and network services started by the systemd service and socket units.
• Control system daemons and network services using systemctl.

Introduction to systemd
System startup and server processes are managed by the systemd System and Service Manager. This program provides a method for activating system resources, server daemons, and other processes, both at boot time and on a running system.

Daemons are processes that wait or run in the background performing various tasks. To listen for connections, a daemon uses a socket. Sockets may be created by daemons or may be separated from the daemon and be created by another process, such as systemd, which then passes the socket to the daemon when a connection is established by a client.

A service often refers to one or more daemons, but starting or stopping a service may instead make a one-time change to the state of the system (for example, to configure network interfaces), which does not involve leaving a daemon process running afterward.

A bit of history
For many years, process ID 1 of Linux and UNIX systems has been the init process. This process was responsible for activating other services on the system. Frequently used daemons were started on systems at boot time with System V and Linux Standard Base (LSB) init scripts. Less frequently used daemons were started on demand by another service, such as inetd or xinetd. These systems have several limitations, which are addressed with systemd.

In Red Hat Enterprise Linux 7, process ID 1 is systemd, the new init system. A few of the new features provided by systemd include:

• Parallelization capabilities, which increase the boot speed of a system.
• On-demand starting of daemons without requiring a separate service.
• Automatic service dependency management prevents long timeouts, such as not starting a network service when the network is not available.
• A method of tracking related processes together using Linux control groups.

Note
With systemd, shell-based service scripts are used only for a few legacy services. Therefore, configuration files with shell variables, such as those found in /etc/sysconfig, are being replaced. Those still in use are included as systemd environment files and read as NAME=VALUE pairs. They are no longer sourced as a shell script.
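The difference between reading a file as NAME=VALUE data and sourcing it as a shell script, shown as an added example that is not part of the original course text. The reader is a simplified stand-in for systemd's environment-file parsing (an assumption), and the file name chronyd.env and its contents are constructed.

```sh
#!/bin/sh
# Added example: read a sysconfig-style file as NAME=VALUE data instead of
# sourcing it. Simplified stand-in for systemd's parser (assumption): it
# handles comments, blank lines and one pair of surrounding double quotes.

# env_value FILE NAME -> prints the literal value of NAME, returns 1 if absent
env_value() {
    ev_file=$1
    ev_want=$2
    while IFS= read -r ev_line || [ -n "$ev_line" ]; do
        case $ev_line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # looks like an assignment
            *) continue ;;              # anything else is ignored, never run
        esac
        ev_name=${ev_line%%=*}
        ev_value=${ev_line#*=}
        case $ev_value in
            \"*\") ev_value=${ev_value#\"}; ev_value=${ev_value%\"} ;;
        esac
        if [ "$ev_name" = "$ev_want" ]; then
            printf '%s\n' "$ev_value"
            return 0
        fi
    done < "$ev_file"
    return 1
}

# sourced_value FILE NAME -> what a legacy init script sees after ". FILE".
# Runs in a subshell so nothing leaks into the caller's environment.
sourced_value() {
    ( . "$1" >/dev/null 2>&1; eval "printf '%s\n' \"\$$2\"" )
}

# write_sample FILE -> constructed sample, modelled on a file in /etc/sysconfig
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
OPTIONS="-u chrony"
MARKER=$(echo executed)
EOF
}

demo() {
    tmp=$(mktemp -d)
    write_sample "$tmp/chronyd.env"
    echo "read as data: OPTIONS=$(env_value "$tmp/chronyd.env" OPTIONS)"
    echo "read as data: MARKER=$(env_value "$tmp/chronyd.env" MARKER)"
    echo "sourced:      MARKER=$(sourced_value "$tmp/chronyd.env" MARKER)"
    rm -rf "$tmp"
}
demo
```

Read as data, the MARKER value stays the literal text; only the sourcing path runs the command substitution inside it.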

systemctl and systemd units
The systemctl command is used to manage different types of systemd objects, called units. A list of available unit types can be displayed with systemctl -t help.

Important
The systemctl command may abbreviate or "ellipsize" unit names, process tree entries, and unit descriptions unless run with the -l option.

Some common unit types are listed as follows:

• Service units have a .service extension and represent system services. This type of unit is used to start frequently accessed daemons, such as a web server.
• Socket units have a .socket extension and represent interprocess communication (IPC) sockets. Control of the socket will be passed to a daemon or newly started service when a client connection is made. Socket units are used to delay the start of a service at boot time and to start less frequently used services on demand. These are similar in principle to services which use the xinetd superserver to start on demand.
• Path units have a .path extension and are used to delay the activation of a service until a specific file system change occurs. This is commonly used for services which use spool directories, such as a printing system.

Service states
The status of a service can be viewed with systemctl status name.type. If the unit type is not provided, systemctl will show the status of a service unit, if one exists.

    [root@serverX ~]# systemctl status sshd.service
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Thu 2014-02-27 11:51:39 EST; 7h ago
     Main PID: 1073 (sshd)
       CGroup: /system.slice/sshd.service
               └─1073 /usr/sbin/sshd -D

    Feb 27 11:51:39 server0.example.com systemd[1]: Started OpenSSH server daemon.
    Feb 27 11:51:39 server0.example.com sshd[1073]: Could not load host key: /et...y
    Feb 27 11:51:39 server0.example.com sshd[1073]: Server listening on 0.0.0.0 ....
    Feb 27 11:51:39 server0.example.com sshd[1073]: Server listening on :: port 22.
    Feb 27 11:53:21 server0.example.com sshd[1270]: error: Could not load host k...y
    Feb 27 11:53:22 server0.example.com sshd[1270]: Accepted password for root f...2
    Hint: Some lines were ellipsized, use -l to show in full.

Several keywords indicating the state of the service can be found in the status output:

    Keyword:            Description:
    loaded              Unit configuration file has been processed.
    active (running)    Running with one or more continuing processes.
    active (exited)     Successfully completed a one-time configuration.
    active (waiting)    Running but waiting for an event.
    inactive            Not running.
    enabled             Will be started at boot time.
    disabled            Will not be started at boot time.
    static              Can not be enabled, but may be started by an enabled unit automatically.

Note
The systemctl status NAME command replaces the service NAME status command used in previous versions of Red Hat Enterprise Linux.

Listing unit files with systemctl

• Query the state of all units to verify a system startup.

    [root@serverX ~]# systemctl

• Query the state of only the service units.

    [root@serverX ~]# systemctl --type=service

• Investigate any units which are in a failed or maintenance state. Optionally, add the -l option to show the full output.

    [root@serverX ~]# systemctl status rngd.service -l

• The status argument may also be used to determine if a particular unit is active and show if the unit is enabled to start at boot time. Alternate commands can also easily show the active and enabled states:

    [root@serverX ~]# systemctl is-active sshd
    [root@serverX ~]# systemctl is-enabled sshd

• List the active state of all loaded units. Optionally, limit the type of unit. The --all option will add inactive units.

    [root@serverX ~]# systemctl list-units --type=service
    [root@serverX ~]# systemctl list-units --type=service --all

• View the enabled and disabled settings for all units. Optionally, limit the type of unit.

    [root@serverX ~]# systemctl list-unit-files --type=service

• View only failed services.

    [root@serverX ~]# systemctl --failed --type=service

Starting and stopping system daemons on a running system
Starting, stopping, restarting, reloading, and verifying status are common actions performed when administering services.

• View the status of the sshd service.

    [root@serverX ~]# systemctl status sshd.service
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Thu 2014-02-27 11:51:39 EST; 7h ago
     Main PID: 1073 (sshd)
       CGroup: /system.slice/sshd.service
               └─1073 /usr/sbin/sshd -D

• Verify that the process is running.

    [root@serverX ~]# ps -up 1073
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root      1073  0.1  0.0  82992  3612 ?        Ss   15:15   0:00 /usr/sbin/sshd -D

• Stop the service and verify the status.

    [root@serverX ~]# systemctl stop sshd.service
    [root@serverX ~]# systemctl status sshd.service
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: inactive (dead) since Thu 2014-02-27 18:51:39 EST; 2s ago
     Main PID: 1073 (code=exited, status=0/SUCCESS)

• Start the service and view the status. The process ID has changed.

    [root@serverX ~]# systemctl start sshd.service
    [root@serverX ~]# systemctl status sshd.service
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Thu 2014-02-27 18:52:39 EST; 2s ago
     Main PID: 1253 (sshd)
       CGroup: /system.slice/sshd.service
               └─1253 /usr/sbin/sshd -D

• Stop, then start, the service in a single command.

    [root@serverX ~]# systemctl restart sshd.service
    [root@serverX ~]# systemctl status sshd.service
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Thu 2014-02-27 18:54:39 EST; 2s ago
     Main PID: 1268 (sshd)
       CGroup: /system.slice/sshd.service
               └─1268 /usr/sbin/sshd -D

• Issue instructions for a service to read and reload its configuration file without a complete stop and start. The process ID will not change.

    [root@serverX ~]# systemctl reload sshd.service
    [root@serverX ~]# systemctl status sshd.service
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Thu 2014-02-27 18:55:09 EST; 32s ago
     Main PID: 1268 (sshd)
       CGroup: /system.slice/sshd.service
               └─1268 /usr/sbin/sshd -D

Unit dependencies
Services may be started as dependencies of other services. If a socket unit is enabled and the service unit with the same name is not, the service will automatically be started when a request is made on the network socket. Services may also be triggered by path units when a file system condition is met.

The systemctl list-dependencies UNIT command can be used to display a tree of other units which must be started in conjunction with a specific unit. The --reverse option to this command will show what units need to have the specified unit started in order to run.

Masking services
A system may have conflicting services installed for a certain function, such as firewalls (iptables and firewalld). To prevent an administrator from accidentally starting a service, a service may be masked. Masking creates a link in the configuration directories so that if the service is started, nothing will happen.

    [root@serverX ~]# systemctl mask network
    ln -s '/dev/null' '/etc/systemd/system/network.service'
    [root@serverX ~]# systemctl unmask network
    rm '/etc/systemd/system/network.service'

Important
A disabled service will not be started automatically at boot or by other unit files, but can be started manually. A masked service can not be started manually or automatically.

Enabling system daemons to start or stop at boot
Services are started at boot time when links are created in the appropriate systemd configuration directories. These links are created and removed with systemctl commands.

• View the status of a service.

    [root@serverX ~]# systemctl status sshd.service

• Disable the service and verify the status. Note that disabling a service does not stop the service.

    [root@serverX ~]# systemctl disable sshd.service
    [root@serverX ~]# systemctl status sshd.service

• Enable the service and verify the status.

    [root@serverX ~]# systemctl enable sshd.service
    [root@serverX ~]# systemctl is-enabled sshd.service
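How the mask link and the enable links can be told apart on disk, as an added example that is not part of the original course text; it covers both this section and the masking section before it. The sample tree is constructed, and the state name not-enabled is this example's own label for a unit with no link (disabled or static).

```sh
#!/bin/sh
# Added example: classify units by the symlinks systemctl leaves in a
# configuration directory such as /etc/systemd/system. It works on any
# directory tree, so it can be pointed at a copy taken from another host.

# unit_link_state CONFIG_DIR UNIT -> prints masked | enabled | not-enabled
unit_link_state() {
    ul_dir=$1
    ul_unit=$2
    # Masked: a symlink named after the unit that points at /dev/null.
    if [ -L "$ul_dir/$ul_unit" ] &&
       [ "$(readlink "$ul_dir/$ul_unit")" = "/dev/null" ]; then
        echo masked
        return 0
    fi
    # Enabled: a symlink to the unit inside a *.wants/ or *.requires/ directory.
    for ul_link in "$ul_dir"/*.wants/"$ul_unit" "$ul_dir"/*.requires/"$ul_unit"; do
        if [ -L "$ul_link" ]; then
            echo enabled
            return 0
        fi
    done
    echo not-enabled
}

# list_masked CONFIG_DIR -> one masked unit name per line, sorted
list_masked() {
    for lm_entry in "$1"/*; do
        [ -L "$lm_entry" ] || continue
        [ "$(readlink "$lm_entry")" = "/dev/null" ] || continue
        basename "$lm_entry"
    done | sort
}

# build_sample_tree DIR -> constructed stand-in for /etc/systemd/system:
# network.service masked, sshd.service enabled, chronyd.service left unlinked.
build_sample_tree() {
    mkdir -p "$1/multi-user.target.wants"
    ln -s /dev/null "$1/network.service"
    ln -s /usr/lib/systemd/system/sshd.service \
        "$1/multi-user.target.wants/sshd.service"
}

demo() {
    tmp=$(mktemp -d)
    build_sample_tree "$tmp"
    for unit in network.service sshd.service chronyd.service; do
        printf '%-18s %s\n' "$unit" "$(unit_link_state "$tmp" "$unit")"
    done
    rm -rf "$tmp"
}
demo
```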

Summary of systemctl commands
Services can be started and stopped on a running system and enabled or disabled for automatic start at boot time.

    Command:                              Task:
    systemctl status UNIT                 View detailed information about a unit state.
    systemctl stop UNIT                   Stop a service on a running system.
    systemctl start UNIT                  Start a service on a running system.
    systemctl restart UNIT                Restart a service on a running system.
    systemctl reload UNIT                 Reload configuration file of a running service.
    systemctl mask UNIT                   Completely disable a service from being started, both manually and at boot.
    systemctl unmask UNIT                 Make a masked service available.
    systemctl enable UNIT                 Configure a service to start at boot time.
    systemctl disable UNIT                Disable a service from starting at boot time.
    systemctl list-dependencies UNIT      List units which are required and wanted by the specified unit.

References
systemd(2), systemd.unit(5), systemd.service(5), systemd.socket(5), and systemctl(1) man pages

Additional information may be available in the chapter on managing services with systemd in the Red Hat Enterprise Linux System Administrator's Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

Practice: Using systemctl to Manage Services

Guided exercise
In this lab, you will manage a service unit that is already installed on the system.

Machines:

Outcomes:
The chronyd service is disabled and no longer running on the system.

Before you begin...
Reset your serverX system.

1. Observe the results of the systemctl restart and systemctl reload commands.

1.1. Display the status of the sshd service. Note the process ID of the daemon.

    [student@serverX ~]$ sudo systemctl status sshd
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Tue 2014-06-10 09:09:50 EDT; 35min ago
      Process: 1061 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
     Main PID: 1077 (sshd)
       CGroup: /system.slice/sshd.service
               └─1077 /usr/sbin/sshd -D

1.2. Restart the sshd service and view the status. The process ID of the daemon has changed.

    [student@serverX ~]$ sudo systemctl restart sshd
    [student@serverX ~]$ sudo systemctl status sshd
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Tue 2014-06-10 09:48:00 EDT; 1s ago
      Process: 2851 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
     Main PID: 2852 (sshd)
       CGroup: /system.slice/sshd.service
               └─2852 /usr/sbin/sshd -D

1.3. Reload the sshd service and view the status. The process ID of the daemon has not changed and connections have not been interrupted.

    [student@serverX ~]$ sudo systemctl reload sshd
    [student@serverX ~]$ sudo systemctl status sshd
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Tue 2014-06-10 09:48:00 EDT; 12s ago
      Process: 2860 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
      Process: 2851 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
     Main PID: 2852 (sshd)
       CGroup: /system.slice/sshd.service
               └─2852 /usr/sbin/sshd -D

2. Verify that the chronyd service is running.

    [student@serverX ~]$ sudo systemctl status chronyd
    chronyd.service - NTP client/server
       Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
       Active: active (running) since Tue 2014-06-10 09:09:44 EDT; 43min ago
      Process: 490 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS)
      Process: 450 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 467 (chronyd)
       CGroup: /system.slice/chronyd.service
               └─467 /usr/sbin/chronyd -u chrony

3. Stop the chronyd service and view the status.

    [student@serverX ~]$ sudo systemctl stop chronyd
    [student@serverX ~]$ sudo systemctl status chronyd
    chronyd.service - NTP client/server
       Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
       Active: inactive (dead) since Tue 2014-06-10 09:53:36 EDT; 4s ago
      Process: 490 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS)
      Process: 450 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 467 (code=exited, status=0/SUCCESS)

4. Determine if the chronyd service is enabled to start at system boot.

    [student@serverX ~]$ sudo systemctl is-enabled chronyd
    enabled

5. Reboot the system.

    [student@serverX ~]$ sudo reboot

6. Log in to the serverX system and view the status of the chronyd service.

    [student@serverX ~]$ sudo systemctl status chronyd
    chronyd.service - NTP client/server
       Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
       Active: active (running) since Tue 2014-06-10 09:55:22 EDT; 9min ago
      Process: 487 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS)
      Process: 451 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 474 (chronyd)
       CGroup: /system.slice/chronyd.service
               └─474 /usr/sbin/chronyd -u chrony

7. Disable the chronyd service so that it does not start at system boot, then view the status of the service.

    [student@serverX ~]$ sudo systemctl disable chronyd
    [student@serverX ~]$ sudo systemctl status chronyd
    chronyd.service - NTP client/server
       Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled)
       Active: active (running) since Tue 2014-06-10 09:55:22 EDT; 9min ago
     Main PID: 474 (chronyd)
       CGroup: /system.slice/chronyd.service
               └─474 /usr/sbin/chronyd -u chrony

8. Reboot the system.

    [student@serverX ~]$ sudo reboot

9. Log in to the serverX system again and view the status of the chronyd service.

    [student@serverX ~]$ sudo systemctl status chronyd
    chronyd.service - NTP client/server
       Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled)
       Active: inactive (dead)

Controlling the Boot Process

Objectives
After completing this section, students should be able to influence the boot process and be able to repair common boot issues using systemd targets.

Selecting a systemd target
A systemd target is a set of systemd units that should be started to reach a desired state. Important targets are listed in the following table.

    Target               Purpose
    graphical.target     System supports multiple users, graphical and text-based logins.
    multi-user.target    System supports multiple users, text-based logins only.
    rescue.target        sulogin prompt, basic system initialization completed.
    emergency.target     sulogin prompt, initramfs pivot complete and system root mounted on / read-only.

It is possible for a target to be a part of another target; for example, the graphical.target includes multi-user.target, which in turn depends on basic.target and others. These dependencies can be viewed from the command line with the following command:

    [root@serverX ~]# systemctl list-dependencies graphical.target | grep target

An overview of all available targets can be viewed with:

    [root@serverX ~]# systemctl list-units --type=target --all

An overview of all targets installed on disk can be viewed with:

    [root@serverX ~]# systemctl list-unit-files --type=target --all

Selecting a target at runtime
On a running system, administrators can choose to switch to a different target using the systemctl isolate command; for example, systemctl isolate multi-user.target.

Note
Not all targets can be isolated. Only targets that have AllowIsolate=yes set in their unit files can be isolated; for example, the graphical.target target can be isolated, but the cryptsetup.target target can not.

Setting a default target
When the system starts, and control is passed over to systemd from the initramfs, systemd will try to activate the default.target target. Normally the default.target target will be a symbolic link (in /etc/systemd/system/) to either graphical.target or multi-user.target.

The systemctl tool provides two commands to manage the link: get-default and set-default.

    [root@serverX ~]# systemctl get-default
    multi-user.target
    [root@serverX ~]# systemctl set-default graphical.target
    rm '/etc/systemd/system/default.target'
    ln -s '/usr/lib/systemd/system/graphical.target' '/etc/systemd/system/default.target'
    [root@serverX ~]# systemctl get-default
    graphical.target

Selecting a different target at boot time
To select a different target at boot time, a special option can be appended to the kernel command line from the boot loader: systemd.unit=. For example, to boot the system into a rescue shell, pass the following option at the interactive boot loader menu:

    systemd.unit=rescue.target

To use this method of selecting a different target, use the following procedure for Red Hat Enterprise Linux 7 systems:

1. (Re)boot the system.
2. Interrupt the boot loader menu countdown by pressing any key.
3. Move the cursor to the entry to be started.
4. Press e to edit the current entry.
5. Move the cursor to the line that starts with linux16. This is the kernel command line.
6. Append systemd.unit=desired.target.
7. Press Ctrl+x to boot with these changes.

Recovering the root password
Recovering the root password is a trivial task while still logged in as an administrator or a user with full sudo access, but is slightly more involved when an administrator is not logged in. In the latter situation, the administrator could boot from a Live CD, mount the root file system from there, and edit /etc/shadow. Administrators should also be able to perform root password recovery without the use of external media.

Note
On Red Hat Enterprise Linux 6 and earlier, an administrator could boot the system into runlevel 1, and be presented with a root prompt. The closest analogs to runlevel 1 on a Red Hat Enterprise Linux 7 machine are the rescue.target and emergency.target targets, both of which require the root password to log in.

On Red Hat Enterprise Linux 7, it is possible to have the scripts that run from the initramfs pause at certain points, provide a root shell, and then continue when that shell exits. While this is mostly meant for debugging, it can also be used to recover a lost root password:

1. Reboot the system.
2. Interrupt the boot loader countdown by pressing any key.
3. Move the cursor to the entry that needs to be booted.
4. Press e to edit the selected entry.
5. Move the cursor to the kernel command line (the line that starts with linux16).
6. Append rd.break (this will break just before control is handed from the initramfs to the actual system).

   Note
   The initramfs prompt will show up on whatever console is specified last on the kernel command line.

7. Press Ctrl+x to boot with the changes.

At this point, a root shell will be presented, with the root file system for the actual system mounted read-only on /sysroot.
-

'
-
I m p o rta nt
-
S E L i n u x is n ot yet e n a b l e d a t t h i s poi nt, so a ny n e w fi l es bei n g created w i l l n ot h ave an
S E L i n u x context assigned to t h em. Keep i n mind t h a t s o m e tools (s u c h a s pas swd ) fi rst
-
c reate a new f i l e, t h e n m ove it in p l a ce of t h e f i l e t h e y a re i nt e n d e d to edit, effec t i ve l y
creati n g a n e w f i l e w i t h o u t a n S E L i n u x context.

-
To recove r the root pa ssword from this p o i n t . u s e t h e fo l l ow i n g p roce d u re:

1. R e m o u n t /sysroot as rea d -w rite .


....

swi t c h_roo t : /# mount - o remo u nt , rw /sysroot

-
2. Switch i nto a c h root j a i l , w h e re /sys root i s treated a s the root of the f i l e syst e m t ree.

- I

swi t c h_ r oo t : /# c h root /sysroot

3. Set a new root password:

i
i s h - 4 . 2# pas swd root

4. M a ke s u re t h a t a l l u n l a b e l e d f i l es ( i n c l u d i n g / e t c / s hadow a t t h i s p o i nt) g et re l a b e l ed d u ri n g
boot.
sh-4.2# touch /.autorelabel

5. Type exit twice. The first will exit the chroot jail, and the second will exit the initramfs
debug shell.

At this point, the system will continue booting, perform a full SELinux relabel, then reboot again.

Diagnose and repair systemd boot issues

If there are problems during the starting of services, there are a few tools available to system
administrators that can help with debugging and/or troubleshooting:

Early debug shell
By running systemctl enable debug-shell.service, a root shell will be spawned on
TTY9 (Ctrl+Alt+F9) early during the boot sequence. This shell is automatically logged in as
root so that an administrator can use some of the other debugging tools while the system is still
booting.

Warning
Do not forget to disable the debug-shell.service service when debugging is
complete, as it leaves an unauthenticated root shell open to anyone with local console
access.

Emergency and rescue targets
By appending either systemd.unit=rescue.target or
systemd.unit=emergency.target to the kernel command line from the boot loader, the
system will spawn into a special rescue or emergency shell instead of starting normally. Both
of these shells require the root password. The emergency target keeps the root file system
mounted read-only, while rescue.target waits for sysinit.target to complete first so that
more of the system will be initialized, for example, logging, file systems, etc. Exiting from these
shells will continue with the regular boot process.

Stuck jobs
During startup, systemd spawns a number of jobs. If some of these jobs cannot complete, they
will block other jobs from running. To inspect the current job list, an administrator can use the
command systemctl list-jobs. Any jobs listed as running must complete before the jobs
listed as waiting can continue.
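The debug shell warning and the boot-time overrides described above can be checked for on a system. The script below is an added example, not part of the course material: its function names and the sample command line are constructed, and it assumes that systemctl enable records a unit as a link in a <target>.wants directory under /etc/systemd/system.

```shell
#!/bin/sh
# Added example, not part of the course material. It flags the boot settings
# this chapter describes as giving out a root shell.

# Print one finding per kernel command-line parameter of interest.
# $1: the kernel command line as a single string.
flag_cmdline() {
    set -f                      # split on spaces only, no filename globbing
    for param in $1; do
        case "$param" in
            rd.break|rd.break=*)
                echo "rd.break: root shell from the initramfs" ;;
            systemd.unit=rescue.target|systemd.unit=emergency.target)
                echo "${param#systemd.unit=}: boot stops at a root-password shell" ;;
        esac
    done
    set +f
}

# Succeed when debug-shell.service is enabled, that is, when some
# <target>.wants directory under $1 holds a link to it (assumed layout).
debug_shell_enabled() {
    for link in "${1:-/etc/systemd/system}"/*.wants/debug-shell.service; do
        if [ -e "$link" ] || [ -L "$link" ]; then
            return 0
        fi
    done
    return 1
}

# Run both checks. Prints the findings and returns 1 if there are any.
# $1: kernel command line, $2: systemd configuration directory.
audit_boot() {
    findings=$(flag_cmdline "$1")
    if debug_shell_enabled "$2"; then
        findings="${findings}${findings:+
}debug-shell.service: enabled, unauthenticated root shell on TTY9"
    fi
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a linux16 line edited as in the rescue-target exercise.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz-3.10.0-121.el7.x86_64 root=/dev/vda1 ro rhgb quiet systemd.unit=rescue.target'
flag_cmdline "$SAMPLE_CMDLINE"

# On a live system:
#   audit_boot "$(cat /proc/cmdline)" /etc/systemd/system
```

A finding for rd.break or a rescue or emergency target on a running system means the current boot was started with an edited kernel command line.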

References
systemd.target(5), systemd.special(7), sulogin(8), sushell(8), and
systemctl(1) man pages

/usr/lib/systemd/system/debug-shell.service

Practice: Selecting a Boot Target

Guided exercise

In this lab, you will configure your serverX system to boot into different targets.

Outcome:
A system booted into different targets.

Before you begin...

• Reset your serverX system.

1. On your serverX system, switch to the multi-user target manually without rebooting.

1.1.
[student@serverX ~]$ sudo systemctl isolate multi-user.target

2. Log into a text-based console as root.

3. Configure your serverX to automatically boot into the multi-user target after a
reboot, then reboot your serverX system to verify.

3.1.
[root@serverX ~]# systemctl set-default multi-user.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'

3.2.
[root@serverX ~]# systemctl reboot

4. Reboot your serverX system, then from within the boot loader menu, boot into the
rescue target.

4.1. Reboot your serverX machine.

[root@serverX ~]# systemctl reboot

4.2. Interrupt the boot loader when the menu appears by pressing any key.

4.3. Move the selection to the default entry (the first one) using the cursor keys.

4.4. Press e to edit the current entry.

4.5. Move the cursor to the line that starts with linux16.

4.6. Move the cursor to the end of the line (using the End key), and append the
following text:

systemd.unit=rescue.target

4.7. Press Ctrl+x to boot using the modified configuration.

4.8. When prompted for the root password, enter redhat.

5. Set the default systemd target back to the graphical target.

[root@serverX ~]# systemctl set-default graphical.target

6. Press Ctrl+d to continue booting into the (new) default target.

Lab: Controlling Services and Daemons

Performance checklist
In this lab, you will change the default target and enable and verify that a service starts upon
boot.

Outcomes:
Students will configure the serverX.example.com machine to boot to a state supporting multiple
users with both graphical and text-based logins. Students will also configure the rsyslog service
to start at boot time.

Before you begin...

• Reset your serverX system.

• Log into and set up your serverX system.

[student@serverX ~]$ lab systemd setup

You have received a request from users to enable graphical login on serverX. The users have
also asked you to look into the logging service on the system, since the log files do not seem to
be getting populated. You will make the necessary configuration changes and then reboot the
system.

After the reboot, verify the system state and rsyslog service status to make sure everything is
working as expected. After completing your work, run the command lab systemd grade on
serverX to verify the results.

1. Determine if the system currently supports graphical login on boot. If not, configure it to
support graphical and text-based logins upon boot.

2. Determine if the rsyslog process is running. If not, verify if it is configured to start on boot,
and fix it if it is not.

3. Start the rsyslog service manually to make sure that it will start properly.

4. Reboot the system.

5. Log in to the serverX system again and switch to user root. Verify that the system boots to
the desired system state and that the rsyslog service is running properly.

6. Verify your work by running lab systemd grade on serverX.


Solution

In this lab, you will change the default target and enable and verify that a service starts upon
boot.

Machines: serverX

Outcomes:
Students will configure the serverX.example.com machine to boot to a state supporting multiple
users with both graphical and text-based logins. Students will also configure the rsyslog service
to start at boot time.

Before you begin...

• Reset your serverX system.

• Log into and set up your serverX system.

[student@serverX ~]$ lab systemd setup

You have received a request from users to enable graphical login on serverX. The users have
also asked you to look into the logging service on the system, since the log files do not seem to
be getting populated. You will make the necessary configuration changes and then reboot the
system.

After the reboot, verify the system state and rsyslog service status to make sure everything is
working as expected. After completing your work, run the command lab systemd grade on
serverX to verify the results.

1. Determine if the system currently supports graphical login on boot. If not, configure it to
support graphical and text-based logins upon boot.

1.1. Switch to the root user on the serverX system.

[student@serverX ~]$ sudo -i

1.2. Determine the state that the system is currently configured to boot to.

[root@serverX ~]# systemctl get-default
multi-user.target

1.3. Set the system state to support graphical login.

[root@serverX ~]# systemctl set-default graphical.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/graphical.target' '/etc/systemd/system/default.target'

2. Determine if the rsyslog process is running. If not, verify if it is configured to start on boot,
and fix it if it is not.

2.1. Determine if the rsyslog process is running.


[root@serverX ~]# ps -lef | grep [r]syslog
[root@serverX ~]#

2.2. Check if the rsyslog service is enabled.

[root@serverX ~]# systemctl is-enabled rsyslog.service
disabled

2.3. Enable the rsyslog service.

[root@serverX ~]# systemctl enable rsyslog.service
ln -s '/usr/lib/systemd/system/rsyslog.service' '/etc/systemd/system/multi-user.target.wants/rsyslog.service'

3. Start the rsyslog service manually to make sure that it will start properly.

3.1. Start the rsyslog service.

[root@serverX ~]# systemctl start rsyslog.service
[root@serverX ~]#

3.2. Verify the rsyslog service started without issues.

[root@serverX ~]# systemctl status rsyslog.service
rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
   Active: active (running) since Tue 2014-05-27 00:55:57 EDT; 16s ago
 Main PID: 1910 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           └─1910 /usr/sbin/rsyslogd -n

May 27 00:55:57 server1.example.com systemd[1]: Started System Logging Service.

4. Reboot the system.

[root@serverX ~]# systemctl reboot

5. Log in to the serverX system again and switch to user root. Verify that the system boots to
the desired system state and that the rsyslog service is running properly.

5.1. Verify the system state. The graphical target should be in state active on a fully booted
up system.

[root@serverX ~]# systemctl status graphical.target
graphical.target - Graphical Interface
   Loaded: loaded (/lib/systemd/system/graphical.target; enabled)
   Active: active since Tue 2014-05-27 01:11:26 EDT; 1min 52s ago
     Docs: man:systemd.special(7)

5.2. Verify that the rsyslog service is running properly.


[root@serverX ~]# systemctl status rsyslog.service
rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
   Active: active (running) since Tue 2014-05-27 01:11:22 EDT; 1min 48s ago
 Main PID: 570 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           └─570 /usr/sbin/rsyslogd -n

May 27 01:11:22 localhost systemd[1]: Started System Logging Service.

6. Verify your work by running lab systemd grade on serverX.

[root@serverX ~]# lab systemd grade

Summary

Controlling Services with systemctl
In this section, students learned how to:

• Determine the status of system daemons and network services started by systemd.

• Start, stop, and enable services using systemctl.

Controlling the Boot Process
In this section, students learned how to:

• Break down the Red Hat Enterprise Linux 7 boot process into four steps:

  1. Hardware (BIOS/UEFI)

  2. Boot loader (grub2)

  3. kernel and initramfs

  4. systemd

• Control the Red Hat Enterprise Linux 7 boot process by:

  • Selecting a systemd target with systemctl on a running system.

  • Passing arguments on the kernel command line during boot.


CHAPTER 2

MANAGING IPV6 NETWORKING

Overview

Goal To configure and troubleshoot basic IPv6 networking on Red Hat Enterprise Linux systems.

Objectives • Review how to configure IPv4 networking in RHEL 7.

• Explain the basic concepts of IPv6 networking, and read and write condensed IPv6 addresses.

• Configure IPv6 networking using command-line tools and configuration files.

Sections • Review of IPv4 Networking Configuration (and Practice)

• IPv6 Networking Concepts (and Practice)

• IPv6 Networking Configuration (and Practice)

Lab • Managing IPv6 Networking

Review of IPv4 Networking Configuration

Objectives
After completing this section, students should be able to configure IPv4 networking using nmcli
and configuration files in the /etc/sysconfig/network-scripts directory.

IPv4 networking
This section assumes that students have a basic understanding of IPv4 networking concepts.
In particular, students should know something about IPv4 addresses, network prefixes (and
netmasks), default gateways and basic routing, network interfaces, /etc/hosts, and name
resolution.

NetworkManager overview
In Red Hat Enterprise Linux 7, the configuration of network interfaces is managed by a system
daemon called NetworkManager. For NetworkManager:

• A device is a network interface.

• A connection is a collection of settings that can be configured for a device.

• Only one connection is active for any one device at a time. Multiple connections may exist, for
use by different devices or to allow a configuration to be altered for the same device.

• Each connection has a name or ID that identifies it.

• The persistent configuration for a connection is stored in
/etc/sysconfig/network-scripts/ifcfg-name, where name is the name of the
connection (although spaces are normally replaced with underscores in the file name). This file
can be edited by hand if desired.

• The nmcli utility can be used to create and edit connection files from the shell prompt.

Viewing networking information
The command nmcli dev status will show the status of all network devices:

[student@demo ~]$ nmcli dev status
DEVICE  TYPE      STATE         CONNECTION
eno1    ethernet  connected     eno1
eth0    ethernet  connected     static-eth0
eno2    ethernet  disconnected
lo      loopback  unmanaged

The command nmcli con show will show a list of all connections. To list only the active
connections, add the --active option.

[student@demo ~]$ nmcli con show
NAME         UUID                                  TYPE            DEVICE
eno2         ff9f7d69-db83-4fed-9f32-939f8b5f81cd  802-3-ethernet
static-eth0  72ca57a2-f780-40da-b146-99f71c431e2b  802-3-ethernet  eth0
eno1         87b53c56-1f5d-4a29-a869-8a7bdaf56dfa  802-3-ethernet  eno1
[root@demo ~]# nmcli con show --active
NAME         UUID                                  TYPE            DEVICE
static-eth0  72ca57a2-f780-40da-b146-99f71c431e2b  802-3-ethernet  eth0
eno1         87b53c56-1f5d-4a29-a869-8a7bdaf56dfa  802-3-ethernet  eno1

The ip addr show command displays the current configuration of network interfaces on the
system. To list only a single interface, add the interface name as the last argument:

[student@demo ~]$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000   (1)
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff   (2)
    inet 172.25.0.11/16 brd 172.25.255.255 scope global eth0   (3)
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link   (4)
       valid_lft forever preferred_lft forever

(1) An active interface is UP.
(2) The link/ether line specifies the hardware (MAC) address of the device.
(3) The inet line shows an IPv4 address, its network prefix length, and scope.
(4) The inet6 line shows an IPv6 address, its network prefix length, and scope.

Adding a network connection
The nmcli con add command is used to add new network connections. The example nmcli
con add commands that follow assume that the name of the network connection being added is
not already in use.

The following command will add a new connection for the interface eno2, which will get IPv4
networking information using DHCP and will autoconnect on startup. The configuration will be
saved in /etc/sysconfig/network-scripts/ifcfg-eno2 because the con-name is eno2.

[root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2

The next example configures the eno2 interface statically instead, using the IPv4 address and
network prefix 192.168.0.5/24 and default gateway 192.168.0.254, but still autoconnects at
startup and saves its configuration into the same file. The example is line-wrapped with a shell \
escape.

[root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2 \
> ip4 192.168.0.5/24 gw4 192.168.0.254

Controlling network connections
The nmcli con up name command will activate the connection name on the network interface
it is bound to. Note that the command takes the name of a connection, not the name of the
network interface. Remember that nmcli con show can be used to list the names of all
available connections.

[root@demo ~]# nmcli con up static-eth0

The nmcli dev disconnect device command will disconnect the network interface device
and bring it down. This command can be abbreviated nmcli dev dis device:

[root@demo ~]# nmcli dev dis eth0

Important
Use nmcli dev dis device to deactivate a network interface.

The command nmcli con down name is normally not the best way to deactivate
a network interface. This command will bring down the connection. But by default,
most wired system connections are configured with autoconnect enabled. This
activates the connection as soon as its network interface is available. Since the
connection's network interface is still available, nmcli con down name will bring the
interface down, but then NetworkManager will immediately bring it up again unless the
connection is entirely disconnected from the interface.

Modifying network connection settings
NetworkManager connections have two kinds of settings. There are static connection
properties, which are configured by the administrator and stored in the configuration files in
/etc/sysconfig/network-scripts/ifcfg-*. There may also be active connection data,
which the connection gets from a DHCP server and which are not stored persistently.

To list the current settings for a connection, run the nmcli con show name command, where
name is the name of the connection. Settings in lowercase are static properties the administrator
can change; settings in all caps are active settings in temporary use for this instance of the
connection.


[root@demo ~]# nmcli con show static-eth0
connection.id:                          static-eth0
connection.uuid:                        87b53c56-1f5d-4a29-a869-8a7bdaf56dfa
connection.interface-name:
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.timestamp:                   1401803453
connection.read-only:                   no
connection.permissions:
connection.zone:
connection.master:
connection.slave-type:
connection.secondaries:
connection.gateway-ping-timeout:        0
802-3-ethernet.port:
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             CA:9D:E9:2A:CE:F0
802-3-ethernet.cloned-mac-address:
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype:
802-3-ethernet.s390-options:
ipv4.method:                            manual
ipv4.dns:                               192.168.0.254
ipv4.dns-search:                        example.com
ipv4.addresses:                         { ip = 192.168.0.2/24, gw = 192.168.0.254 }
ipv4.routes:
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:
ipv4.never-default:                     no
ipv4.may-fail:                          yes

The nmcli con mod name command can be used to change the settings for a connection.
These changes will also be saved in the /etc/sysconfig/network-scripts/ifcfg-name
file for the connection. The different settings that are available are documented in the
nm-settings(5) man page.

To set the IPv4 address to 192.0.2.2/24 and default gateway to 192.0.2.254 for the connection
static-eth0:

[root@demo ~]# nmcli con mod static-eth0 ipv4.addresses "192.0.2.2/24 192.0.2.254"

Important
If a connection that got its IPv4 information from a DHCPv4 server is being changed
to get it from static configuration files only, the setting ipv4.method should also be
changed from auto to manual. Otherwise, the connection may hang or not complete
successfully when it is activated, or it may get an IPv4 address from DHCP in addition
to the static address.


A number of settings may have multiple values. A specific value can be added to the list or
deleted from the list for a setting by adding a + or - symbol to the start of the setting name.

To add the DNS server 192.0.2.1 to the list of nameservers to use with the connection
static-eth0:

[root@demo ~]# nmcli con mod static-eth0 +ipv4.dns 192.0.2.1

By default, changes made with nmcli con mod name are automatically saved to
/etc/sysconfig/network-scripts/ifcfg-name. That file can also be manually edited
with a text editor. After doing so, run nmcli con reload so that NetworkManager reads the
configuration changes.

For backward-compatibility reasons, the directives saved in that file have different names and
syntax than the nm-settings(5) names. The following table maps some of the key setting
names to ifcfg-* directives.

Comparison of nm-settings and ifcfg-* Directives

| nmcli con mod | ifcfg-* file | Effect |
|---|---|---|
| ipv4.method manual | BOOTPROTO=none | IPv4 addresses configured statically. |
| ipv4.method auto | BOOTPROTO=dhcp | Will look for configuration settings from a DHCPv4 server. If static addresses are also set, will not bring those up until we have information from DHCPv4. |
| ipv4.addresses "192.0.2.1/24 192.0.2.254" | IPADDR0=192.0.2.1 PREFIX0=24 GATEWAY0=192.0.2.254 | Sets static IPv4 address, network prefix, and default gateway. If more than one is set for the connection, then instead of 0, the ifcfg-* directives end with 1, 2, 3 and so on. |
| ipv4.dns 8.8.8.8 | DNS0=8.8.8.8 | Modify /etc/resolv.conf to use this nameserver. |
| ipv4.dns-search example.com | DOMAIN=example.com | Modify /etc/resolv.conf to use this domain in the search directive. |
| ipv4.ignore-auto-dns true | PEERDNS=no | Ignore DNS server information from the DHCP server. |
| connection.autoconnect yes | ONBOOT=yes | Automatically activate this connection at boot. |
| connection.id eth0 | NAME=eth0 | The name of this connection. |
| connection.interface-name eth0 | DEVICE=eth0 | The connection is bound to the network interface with this name. |
| 802-3-ethernet.mac-address ... | HWADDR=... | The connection is bound to the network interface with this MAC address. |

Important
Because NetworkManager tends to directly modify the /etc/resolv.conf file, direct
edits to that file may be overwritten.

To change settings in that file, it is better to set DNSn and DOMAIN directives in the
relevant /etc/sysconfig/network-scripts/ifcfg-* files.
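
The comparison table above, applied to a whole file: this added example (not part of the course material) reads an ifcfg-* file and prints the nm-settings name and value for each directive the table lists, pairing IPADDRn, PREFIXn and GATEWAYn by their index. The function names and the sample file are constructed, directives outside the table are ignored, and accepts_dhcp_dns assumes that a DHCP connection without PEERDNS=no takes its DNS servers from the DHCP server.

```shell
#!/bin/sh
# Added example, not part of the course material: translate the ifcfg-*
# directives from the comparison table into their nm-settings names.

# Print the value of directive $2 in ifcfg file $1 (last assignment wins).
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print "setting value" lines for every table directive found in file $1.
ifcfg_to_nm() {
    case "$(ifcfg_get "$1" BOOTPROTO)" in
        none) echo "ipv4.method manual" ;;
        dhcp) echo "ipv4.method auto" ;;
    esac
    # IPADDRn, PREFIXn and GATEWAYn with the same n describe one address.
    for key in $(sed -n 's/^[[:space:]]*\(IPADDR[0-9]*\)=.*/\1/p' "$1"); do
        n=${key#IPADDR}
        prefix=$(ifcfg_get "$1" "PREFIX$n")
        gw=$(ifcfg_get "$1" "GATEWAY$n")
        echo "ipv4.addresses $(ifcfg_get "$1" "$key")${prefix:+/$prefix}${gw:+ $gw}"
    done
    for key in $(sed -n 's/^[[:space:]]*\(DNS[0-9][0-9]*\)=.*/\1/p' "$1"); do
        echo "ipv4.dns $(ifcfg_get "$1" "$key")"
    done
    # Directives whose value carries over unchanged.
    for pair in DOMAIN:ipv4.dns-search NAME:connection.id \
                DEVICE:connection.interface-name \
                HWADDR:802-3-ethernet.mac-address; do
        value=$(ifcfg_get "$1" "${pair%%:*}")
        if [ -n "$value" ]; then
            echo "${pair#*:} $value"
        fi
    done
    # Only the values shown in the table are translated.
    case "$(ifcfg_get "$1" PEERDNS)" in
        no) echo "ipv4.ignore-auto-dns true" ;;
    esac
    case "$(ifcfg_get "$1" ONBOOT)" in
        yes) echo "connection.autoconnect yes" ;;
    esac
}

# Succeed when the connection takes its resolver settings from DHCP:
# BOOTPROTO=dhcp without PEERDNS=no (assumed default behaviour).
accepts_dhcp_dns() {
    [ "$(ifcfg_get "$1" BOOTPROTO)" = dhcp ] &&
        [ "$(ifcfg_get "$1" PEERDNS)" != no ]
}

# Constructed sample file built from the values in the table.
write_sample_ifcfg() {
    cat > "$1" <<'EOF'
DEVICE=eth0
NAME="static-eth0"
ONBOOT=yes
BOOTPROTO=none
IPADDR0=192.0.2.1
PREFIX0=24
GATEWAY0=192.0.2.254
IPADDR1=192.0.2.2
PREFIX1=24
DNS0=8.8.8.8
DOMAIN=example.com
PEERDNS=no
EOF
}

sample=$(mktemp)
write_sample_ifcfg "$sample"
ifcfg_to_nm "$sample"
rm -f "$sample"
```

Running accepts_dhcp_dns over each file in /etc/sysconfig/network-scripts lists the connections whose name resolution depends on what the DHCP server hands out.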

Deleting a network connection
The nmcli con del name command will delete the connection named
name from the system, disconnecting it from the device and removing the file
/etc/sysconfig/network-scripts/ifcfg-name.

Modifying the system host name
The hostname command displays or temporarily modifies the system's fully qualified host name.

[root@demo ~]# hostname
demo.example.com

A static host name may be specified in the /etc/hostname file. The hostnamectl command
is used to modify this file and may be used to view the status of the system's fully qualified host
name. If this file does not exist, the host name is set by a reverse DNS query once the interface
has an IP address assigned.

[root@demo ~]# hostnamectl set-hostname demo.example.com
[root@demo ~]# hostnamectl status
   Static hostname: demo.example.com
         Icon name: computer
           Chassis: n/a
        Machine ID: 9f6fb63045a845d79e5e870b914c61c9
           Boot ID: aa6c3259825e4b8c92bd0f601089ddf7
    Virtualization: kvm
  Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:GA:server
            Kernel: Linux 3.10.0-121.el7.x86_64
      Architecture: x86_64
[root@demo ~]# cat /etc/hostname
demo.example.com

Important
The static host name is stored in /etc/hostname. Previous versions
of Red Hat Enterprise Linux stored the host name as a variable in the
/etc/sysconfig/network file.

-

Summary of commands
The following table is a list of key commands discussed in this section.

Command | Purpose
nmcli dev status | Show the NetworkManager status of all network interfaces.
nmcli con show | List all connections.
nmcli con show name | List the current settings for the connection name.
nmcli con add con-name name ... | Add a new connection named name.
nmcli con mod name ... | Modify the connection name.
nmcli con reload | Tell NetworkManager to reread the configuration files (useful after they have been edited by hand).
nmcli con up name | Activate the connection name.
nmcli dev dis dev | Deactivate and disconnect the current connection on the network interface dev.
nmcli con del name | Delete the connection name and its configuration file.
ip addr show | Show the current network interface address configuration.
hostnamectl set-hostname ... | Persistently set the host name on this system.

References
NetworkManager(8), nmcli(1), nmcli-examples(5), nm-settings(5), hostnamectl(1), resolv.conf(5), hostname(5), ip(8), and ip-address(8) man pages


Practice: Configuring IPv4 Networking

Guided exercise

In this lab, you will configure a network interface with a static IPv4 address. Once the interface is configured, you will confirm that it works and identify other IPv4 nodes on the local network. You will also explore the contents of the configuration file created by NetworkManager.

Resources:
Files: /etc/sysconfig/network-scripts/ifcfg-eno1
Machines: serverX

Outcomes:
The eno1 network interface on your serverX machine will be managed by NetworkManager with a connection named eno1. It will statically configure an IPv4 address of 192.168.0.1/24 without a gateway. The host with address 192.168.0.254 can be referenced as "otherhost".

Before you begin...

• Reset the serverX system.

• Log into and set up your serverX system. The following command makes the unconfigured eno1 network interface available after the serverX system has been reset. It is used for all of the hands-on practice exercises and labs in the IPv6 chapter.

[student@serverX ~]$ lab ipv6 setup

• Become the root user.

[student@serverX ~]$ sudo -i

1. Before making any changes, display the list of existing network interfaces to determine the system's starting configuration. Also determine which interfaces are managed by NetworkManager.

1.1. The ip link command will display all of the network interfaces recognized by the system.

[root@serverX ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:00:07:0b brd ff:ff:ff:ff:ff:ff
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether ca:8a:8f:84:e4:8f brd ff:ff:ff:ff:ff:ff

1.2. Use nmcli to list the network interfaces that NetworkManager manages.

[root@serverX ~]# nmcli con show
NAME         UUID                                  TYPE            DEVICE
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0

2. Create a NetworkManager connection, called eno1, for the eno1 network interface. Redisplay the list of managed interfaces to confirm NetworkManager manages eno1.

2.1. Use nmcli to create the connection for eno1.

[root@serverX ~]# nmcli con add con-name eno1 type ethernet ifname eno1
Connection 'eno1' (6e2fa636-f7db-4567-bcba-6d12d0bbcc49) successfully added.

2.2. Display the new list of interfaces managed by NetworkManager. eno1 should be somewhere in the list.

[root@serverX ~]# nmcli con show
NAME         UUID                                  TYPE            DEVICE
eno1         6e2fa636-f7db-4567-bcba-6d12d0bbcc49  802-3-ethernet  eno1
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0

3. Display the current IP address information for eno1.

[root@serverX ~]# ip addr show eno1
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ca:8a:8f:84:e4:8f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c88a:8fff:fe84:e48f/64 scope link
       valid_lft forever preferred_lft forever

It will have an IPv6 link-local address assigned to it (the address starting with fe80::), but it will not have an automatic IPv4 address.

4. Display the initial, default NetworkManager IPv4 configuration settings for the connection.

[root@serverX ~]# nmcli con show eno1 | grep ipv4
ipv4.method:                            auto
ipv4.dns:
ipv4.dns-search:
ipv4.addresses:
ipv4.routes:
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:
ipv4.never-default:                     no
ipv4.may-fail:                          yes

5. Configure eno1 to have a static IPv4 address of 192.168.0.1/24, without an additional gateway.

[root@serverX ~]# nmcli con mod eno1 ipv4.addresses '192.168.0.1/24'
[root@serverX ~]# nmcli con mod eno1 ipv4.method manual

6. Restart the eno1 network interface and confirm its new IPv4 address configuration.

6.1. Bounce the eno1 interface by taking it down, then bringing it back up.

[root@serverX ~]# nmcli con down eno1
[root@serverX ~]# nmcli con up eno1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

6.2. Use the ip addr command to confirm the interface's configuration.

[root@serverX ~]# ip addr show dev eno1
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ca:8a:8f:84:e4:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::c88a:8fff:fe84:e48f/64 scope link
       valid_lft forever preferred_lft forever

Notice the new inet address entry.

7. Ping eno1's own IPv4 address.

[root@serverX ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.091 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.043 ms
^C
--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1006ms
rtt min/avg/max/mdev = 0.043/0.067/0.091/0.024 ms

8. Ping another IPv4 host, with address 192.168.0.254, to make sure it is reachable by eno1.

[root@serverX ~]# ping 192.168.0.254
PING 192.168.0.254 (192.168.0.254) 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=0.165 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=0.082 ms
^C
--- 192.168.0.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 0.082/0.123/0.165/0.042 ms

9. Use the ip command to display the IPv4 routing table.

[root@serverX ~]# ip route
default via 172.25.7.254 dev eth0 proto static metric 1024
172.25.7.0/24 dev eth0 proto kernel scope link src 172.25.7.11
172.25.253.254 via 172.25.7.254 dev eth0 proto static metric 1
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.1

10. Identify the interface configuration file for the eno1 network interface in /etc/sysconfig/network-scripts. View the file contents and note which variable assignments relate to the IPv4 configuration that was performed earlier.

[root@serverX ~]# ls /etc/sysconfig/network-scripts/ifcfg-*
/etc/sysconfig/network-scripts/ifcfg-eno1
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-lo
[root@serverX ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno1
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eno1
UUID=6e2fa636-f7db-4567-bcba-6d12d0bbcc49
DEVICE=eno1
ONBOOT=yes
IPADDR0=192.168.0.1
PREFIX0=24
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

11. Configure the hosts file so that 192.168.0.254 can be referenced as "otherhost".

[root@serverX ~]# echo '192.168.0.254 otherhost' >> /etc/hosts

12. Ping "otherhost" by name to make sure the alias works.

[root@serverX ~]# ping otherhost
PING otherhost (192.168.0.254) 56(84) bytes of data.
64 bytes from otherhost (192.168.0.254): icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from otherhost (192.168.0.254): icmp_seq=2 ttl=64 time=0.070 ms
^C
--- otherhost ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1009ms
rtt min/avg/max/mdev = 0.070/0.084/0.099/0.017 ms


IPv6 Networking Concepts

Objectives
After completing this section, students should be able to explain the basic concepts of IPv6 addresses and networking.

IPv6 overview
IPv6 is intended as the replacement for the IPv4 network protocol. The major problem it solves is the exhaustion of IPv4 addresses by using a much larger network address space. It also provides a number of enhancements and new features for network configuration management and support for future protocol changes.

The key reason IPv6 is not yet in wide deployment is that the core protocol does not have a simple way for systems that only have IPv6 addresses to communicate with systems that only have IPv4 addresses.

The best transition plan at present is to provide all hosts with both IPv4 and IPv6 addresses, so that Internet resources only using one of the protocols can be reached from the host. This is called a dual-stack configuration, and is the approach on which this course will focus.

Note
There are a number of promising transition methods in development to allow IPv6-only hosts to use the IPv4 Internet or support other forms of IPv4/IPv6 translation, such as NAT64 (RFC 6145) and 464XLAT (RFC 6877), but they are beyond the scope of this course.

The basic position of the Internet Engineering Task Force (IETF) is that network operators using IPv4 should "obtain an IPv6 prefix, turn on IPv6 routing within their networks and between themselves and any peer, upstream, or downstream neighbors, enable it on their computers, and use it in normal processing. This should be done while leaving IPv4 stable, until a point is reached that any communication that can be carried out could use either protocol equally well. At that point, the economic justification for running both becomes debatable, and network operators can justifiably turn IPv4 off." (RFC 6144, Introduction)

Interpreting IPv6 addresses
IPv6 addresses
An IPv6 address is a 128-bit number, normally expressed as eight colon-separated groups of four hexadecimal nibbles (half-bytes). Each nibble represents four bits of the IPv6 address, so each group represents 16 bits of the IPv6 address.

2001:0db8:0000:0010:0000:0000:0000:0001

To make it easier to write IPv6 addresses, leading zeros in a colon-separated group do not need to be written. However, at least one nibble must be written in each field. Zeros which follow a nonzero nibble in the group do need to be written.

2001:db8:0:10:0:0:0:1

Since addresses with long strings of zeros are common, one or more groups of consecutive zeros may be combined with exactly one :: block.

2001:db8:0:10::1

Notice that under these rules, 2001:db8::0010:0:0:0:1 would be another less convenient way to write the example address. But it is a valid representation of the same address, and this can confuse administrators new to IPv6. Some tips for writing consistently readable addresses:

1. Leading zeros in a group must always be suppressed.

2. Use :: to shorten as much as possible. If two runs of zeros are equal in length, shorten the leftmost run of zeros by preference.

3. Although it is allowed, do not use :: to shorten one group of zeros. Use :0: instead, and save :: for runs of zeros longer than a single group.

4. Always use lowercase letters for hexadecimal numbers a through f.

Important
When including a TCP or UDP network port after an IPv6 address, always enclose the IPv6 address in square brackets so that the port does not look like it is part of the address.

[2001:db8:0:10::1]:80
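
The four writing tips and the bracket rule above, worked through in code. This is an added example, not part of the course text; the function names are chosen here for illustration, and addresses with an embedded dotted IPv4 tail are out of scope. Normalizing addresses this way before comparing them matters when the same host can appear under several spellings in logs or access lists.

```python
import ipaddress  # standard library, used only to cross-check the result


def expand_groups(text):
    """Parse IPv6 text into eight 16-bit integers; raise ValueError if invalid."""
    if text.count("::") > 1:
        raise ValueError("more than one '::' block: " + text)
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: " + text)
        fields = head + ["0"] * missing + tail
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError("need eight groups: " + text)
    groups = []
    for field in fields:
        # Each field needs at least one nibble and at most four.
        if not 1 <= len(field) <= 4:
            raise ValueError("bad group %r in %s" % (field, text))
        if any(c not in "0123456789abcdefABCDEF" for c in field):
            raise ValueError("bad group %r in %s" % (field, text))
        groups.append(int(field, 16))
    return groups


def compress(groups):
    """Write eight groups following the tips: no leading zeros, '::' for the
    longest run of zero groups (leftmost on a tie), never for a single zero
    group, lowercase hexadecimal."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:  # strict '>' keeps the leftmost run on a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    words = ["%x" % g for g in groups]
    if best_len < 2:  # tip 3: a lone zero group is written as :0:
        return ":".join(words)
    head = ":".join(words[:best_start])
    tail = ":".join(words[best_start + best_len:])
    return head + "::" + tail


def canonical(text):
    """Return the consistently readable spelling of any valid spelling."""
    return compress(expand_groups(text))


def is_valid(text):
    try:
        expand_groups(text)
        return True
    except ValueError:
        return False


def with_port(text, port):
    """Bracket the address so the port cannot be read as a ninth group."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return "[%s]:%d" % (canonical(text), port)


def agrees_with_stdlib(text):
    """The ipaddress module applies the same compression rules."""
    return canonical(text) == str(ipaddress.IPv6Address(text))


if __name__ == "__main__":
    for sample in ("2001:0db8:0000:0010:0000:0000:0000:0001",
                   "2001:db8::0010:0:0:0:1",
                   "2001:db8::7::2"):
        print(sample, "->", canonical(sample) if is_valid(sample) else "invalid")
    print(with_port("2001:db8:0:10:0:0:0:1", 80))
```
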

IPv6 subnets
A normal unicast address is divided into two parts: the network prefix and interface ID. The network prefix identifies the subnet. No two network interfaces on the same subnet can have the same interface ID; the interface ID identifies a particular interface on the subnet.

Unlike IPv4, IPv6 has a standard subnet mask, which is used for almost all normal addresses, /64. In this case, half of the address is the network prefix and half of it is the interface ID. This means that a single subnet can hold as many hosts as necessary.

Typically, the network provider will allocate a shorter prefix to an organization, such as a /48. This leaves the rest of the network part for assigning subnets from that allocated prefix. For a /48 allocation, that leaves 16 bits for subnets (up to 65536 subnets).


[Figure: IPv6 address is 2001:db8:0:1::1/64; allocation from provider is 2001:db8::/48. The address is divided into network part and interface ID, and the network part into the /48 allocation and /16 for local subnets.]
Figure 2.1: IPv6 address parts and subnetting

IPv6 address allocation

Common IPv6 Addresses and Networks

IPv6 address or network | Purpose | Description
::1/128 | localhost | The IPv6 equivalent to 127.0.0.1/8, set on the loopback interface.
:: | The unspecified address | The IPv6 equivalent to 0.0.0.0. For a network service, this could indicate that it is listening on all configured IP addresses.
::/0 | The default route (the IPv6 Internet) | The IPv6 equivalent to 0.0.0.0/0. The default route in the routing table matches this network; the router for this network is where all traffic is sent for which there is not a better route.
2000::/3 | Global unicast addresses | "Normal" IPv6 addresses are currently being allocated from this space by IANA. This is equivalent to all the networks ranging from 2000::/16 through 3fff::/16.
fd00::/8 | Unique local addresses (RFC 4193) | IPv6 has no direct equivalent of RFC 1918 private address space, although this is close. A site can use these to self-allocate a private routable IP address space inside the organization, but these networks cannot be used on the global Internet. The site must randomly select a /48 from this space, but it can subnet the allocation into /64 networks normally.
fe80::/64 | Link-local addresses | Every IPv6 interface automatically configures a link-local address that only works on the local link on this network. This will be discussed in more detail later.


ff00::/8 | Multicast | The IPv6 equivalent to 224.0.0.0/4. Multicast is used to transmit to multiple hosts at the same time, and is particularly important in IPv6 because it has no broadcast addresses.

Link-local addresses
A link-local address in IPv6 is an unroutable address which is used only to talk to hosts on a specific network link. Every network interface on the system is automatically configured with a link-local address on the fe80:: network. To ensure that it is unique, the interface ID of the link-local address is constructed from the network interface's Ethernet hardware address. The usual procedure to convert the 48-bit MAC address to a 64-bit interface ID is to set bit 7 of the MAC address and insert ff:fe between its two middle bytes.

• Network prefix: fe80::/64

• MAC address: 00:11:22:aa:bb:cc

• Link-local address: fe80::211:22ff:feaa:bbcc/64
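
The MAC-to-interface-ID conversion above, as an added example that is not part of the course text (function names are chosen here for illustration). RFC 4291, listed in the references, defines the bit operation as an inversion of the universal/local bit; for an ordinary vendor-assigned MAC that is the same as setting it, while the locally administered MAC ca:8a:8f:84:e4:8f of eno1 in the guided exercise becomes fe80::c88a:8fff:fe84:e48f. The reverse function shows that such an address discloses the hardware address to anyone who sees it.

```python
import ipaddress


def parse_mac(mac):
    """Turn 'aa:bb:cc:dd:ee:ff' (or dash-separated) into six bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("expected six two-digit hex bytes: " + mac)
    return bytes(int(p, 16) for p in parts)


def interface_id(mac):
    """64-bit interface ID: invert the universal/local bit (0x02 of the first
    byte, 'bit 7' counting from the left) and insert ff:fe in the middle."""
    b = parse_mac(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]


def link_local(mac, ifname=None):
    """fe80::/64 address for this MAC, with an optional %scope identifier."""
    addr = ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + interface_id(mac))
    return str(addr) + ("%" + ifname if ifname else "")


def slaac_address(prefix, mac):
    """Address a host would build from an advertised /64 prefix when it
    constructs the interface ID the same way as for link-local addresses."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface ID needs a /64 prefix")
    iid = int.from_bytes(interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_address(address):
    """Recover the MAC embedded in a MAC-derived address, or None when the
    interface ID does not carry the ff:fe marker."""
    text = address.split("%")[0].split("/")[0]
    iid = ipaddress.IPv6Address(text).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % x for x in mac)


if __name__ == "__main__":
    print(link_local("00:11:22:aa:bb:cc", "eth0"))
    print(link_local("ca:8a:8f:84:e4:8f"))
    print(slaac_address("2001:db8:0:1::/64", "00:11:22:aa:bb:cc"))
    print(mac_from_address("fe80::c88a:8fff:fe84:e48f/64"))
```
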

The link-local addresses of other machines can be used like normal addresses by other hosts on the same link. Since every link has a fe80::/64 network on it, the routing table cannot be used to select the outbound interface correctly. The link to use when talking to a link-local address must be specified with a scope identifier at the end of the address. The scope identifier consists of % followed by the name of the network interface.

For example, to use ping6 to ping the link-local address fe80::211:22ff:feaa:bbcc using the link connected to the eth0 network interface, the correct command would be:

[student@demo ~]$ ping6 fe80::211:22ff:feaa:bbcc%eth0

Note
Scope identifiers are only needed when contacting addresses that have "link" scope. Normal global addresses are used just like they are in IPv4, and select their outbound interfaces from the routing table.

Multicast
Multicast plays a larger role in IPv6 than in IPv4 because there is no broadcast address in IPv6. One key multicast address in IPv6 is ff02::1, the all-nodes link-local address. Pinging this address will send traffic to all nodes on the link. Link-scope multicast addresses (starting ff02::/8) need to be specified with a scope identifier, just like a link-local address.

[student@demo ~]$ ping6 ff02::1%eth0
PING ff02::1%eth0(ff02::1) 56 data bytes
64 bytes from fe80::211:22ff:feaa:bbcc: icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from fe80::200:aaff:fe33:2211: icmp_seq=1 ttl=64 time=102 ms (DUP!)
64 bytes from fe80::bcd:efff:fea1:b2c3: icmp_seq=1 ttl=64 time=103 ms (DUP!)
64 bytes from fe80::211:22ff:feaa:bbcc: icmp_seq=2 ttl=64 time=0.079 ms


IPv6 address configuration
IPv4 has two ways in which addresses get configured on network interfaces. Network addresses may be configured on interfaces manually by the administrator, or dynamically from the network using DHCP. IPv6 also supports manual configuration, and two methods of dynamic configuration, one of which is DHCPv6.

Static addressing
Interface IDs for static IPv6 addresses can be selected at will, just like IPv4. In IPv4, there were two addresses on a network that could not be used, the lowest address in the subnet and the highest address in the subnet. In IPv6, the following interface IDs are reserved and cannot be used for a normal network address on a host.

• The all-zeros identifier 0000:0000:0000:0000 ("subnet router anycast") used by all routers on the link. (For the 2001:db8::/64 network, this would be the address 2001:db8::.)

• The identifiers fdff:ffff:ffff:ff80 through fdff:ffff:ffff:ffff.

DHCPv6 configuration
DHCPv6 works a little differently than DHCP for IPv4, because there is no broadcast address. Essentially, a host sends a DHCPv6 request from its link-local address to port 547/UDP on ff02::1:2, the all-dhcp-servers link-local multicast group. The DHCPv6 server then usually sends a reply with appropriate information to port 546/UDP on the client's link-local address.

The dhcp package in RHEL 7 provides support for a DHCPv6 server.

-
SLAAC configuration
In addition to DHCPv6, IPv6 also supports a second dynamic configuration method, called Stateless Address Autoconfiguration (SLAAC). Using SLAAC, the host brings up its interface with a link-local fe80::/64 address normally. It then sends a "router solicitation" to ff02::2, the all-routers link-local multicast group. An IPv6 router on the local link responds to the host's link-local address with a network prefix and possibly other information. The host then uses that network prefix with an interface ID that it normally constructs in the same way that link-local addresses are constructed. The router periodically sends multicast updates ("router advertisements") to confirm or update the information it provided.

The radvd package in RHEL 7 allows a RHEL-based IPv6 router to provide SLAAC through router advertisements.

Important

A typical RHEL 7 machine configured to get IPv4 addresses through DHCP is usually also configured to use SLAAC to get IPv6 addresses. This can result in machines unexpectedly obtaining IPv6 addresses when an IPv6 router is added to the network.

Some IPv6 deployments combine SLAAC and DHCPv6, using SLAAC to only provide network address information and DHCPv6 to provide other information, such as which DNS servers and search domains to configure.


References
ping(8), radvd(8), and dhcpd(8) man pages

Selected IETF RFC references:

RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
http://tools.ietf.org/html/rfc2460

RFC 4291: IP Version 6 Addressing Architecture
http://tools.ietf.org/html/rfc4291

RFC 5952: A Recommendation For IPv6 Address Text Representation
http://tools.ietf.org/html/rfc5952

RFC 4862: IPv6 Stateless Address Autoconfiguration
http://tools.ietf.org/html/rfc4862

RFC 3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
http://tools.ietf.org/html/rfc3315

RFC 3736: Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6
http://tools.ietf.org/html/rfc3736

RFC 4193: Unique Local IPv6 Unicast Addresses
http://tools.ietf.org/html/rfc4193

Practice: Interpreting IPv6 Addresses

Quiz
Match the following compressed IPv6 addresses to their counterparts in the table.

2000::1    2001:3:700::2    2001:3::7:0:2
2001:db8:0:7::2    2001:db8::7::2    ff02::1:0:0

IPv6 address | Compressed IPv6 address
2000:0000:0000:0000:0000:0000:0000:0001 |
0002:0000:0000:0000:0000:0000:0000:0001 |
2001:0db8:0000:0007:0000:0000:0000:0002 |
2001:0003:0000:0000:0000:0007:0000:0002 |
2001:0003:0700:0000:0000:0000:0000:0002 |
ff02:0000:0000:0000:0000:0001:0000:0000 |
0000:0000:0000:0000:0000:0000:0000:0000 |
Not a valid IPv6 address |

Solution
Match the following compressed IPv6 addresses to their counterparts in the table.

IPv6 address | Compressed IPv6 address
2000:0000:0000:0000:0000:0000:0000:0001 | 2000::1
0002:0000:0000:0000:0000:0000:0000:0001 | 2::1
2001:0db8:0000:0007:0000:0000:0000:0002 | 2001:db8:0:7::2
2001:0003:0000:0000:0000:0007:0000:0002 | 2001:3::7:0:2
2001:0003:0700:0000:0000:0000:0000:0002 | 2001:3:700::2
ff02:0000:0000:0000:0000:0001:0000:0000 | ff02::1:0:0
0000:0000:0000:0000:0000:0000:0000:0000 | ::
Not a valid IPv6 address | 2001:db8::7::2


IPv6 Networking Configuration

Objectives
After completing this section, students should be able to configure IPv6 networking using nmcli and configuration files in the /etc/sysconfig/network-scripts directory.

NetworkManager and IPv6
To work with IPv6 addresses using NetworkManager, all the commands that are used with IPv4 networking work with IPv6 networking. There are some different settings that are relevant for connections, but most commands will be similar for IPv6 configuration.

Adding an IPv6 network connection
The nmcli con add command is used to add new network connections.

The following command, shown in a previous section of this chapter, will add a new connection for the interface eno2, which will autoconnect at startup, getting IPv4 networking information using DHCPv4. It will also get IPv6 networking settings by listening for router advertisements on the local link.

[root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2

The next example configures the eno2 interface statically instead, using the IPv6 address and network prefix 2001:db8:0:1::c000:207/64 and default IPv6 gateway 2001:db8:0:1::1, and the IPv4 address and network prefix 192.0.2.7/24 and default IPv4 gateway 192.0.2.1, but still autoconnects at startup and saves its configuration into /etc/sysconfig/network-scripts/ifcfg-eno2. The example is line-wrapped with a shell \ escape.

[root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2 \
> ip6 2001:db8:0:1::c000:207/64 gw6 2001:db8:0:1::1 ip4 192.0.2.7/24 gw4 192.0.2.1

Modifying network connection settings for IPv6
The nmcli con show name command, where name is the name of the connection, can be used to view IPv6-related settings:

[root@demo ~]# nmcli con show static-eth0 | grep ipv6
ipv6.method:                manual
ipv6.dns:                   2001:4860:4860::8888
ipv6.dns-search:            example.com
ipv6.addresses:             { ip = 2001:db8:0:1::7/64, gw = 2001:db8:0:1::1 }
ipv6.routes:
ipv6.ignore-auto-routes:    no
ipv6.ignore-auto-dns:       no
ipv6.never-default:         no
ipv6.may-fail:              yes
ipv6.ip6-privacy:           -1 (unknown)
ipv6.dhcp-hostname:
[root@demo ~]#
Likewise, nmcli con mod name can be used to adjust how connections set IPv6 addresses.

To set the IPv6 address to 2001:db8:0:1::a00:1/64 and default gateway to 2001:db8:0:1::1 for the connection static-eth0:

[root@demo ~]# nmcli con mod static-eth0 ipv6.address "2001:db8:0:1::a00:1/64 2001:db8:0:1::1"

Important
If a connection that got its IPv6 information by SLAAC or a DHCPv6 server is being changed to get it from static configuration files only, the setting ipv6.method should also be changed from auto or dhcp to manual. Otherwise, the connection may hang or not complete successfully when it is activated, or it may get an IPv6 address from SLAAC or DHCPv6 in addition to the static address.

A number of settings may have multiple values. A specific value can be added to the list or deleted from the list for a setting by adding a + or - symbol to the start of the setting name.

To add the DNS server 2001:4860:4860::8888 to the list of nameservers to use with the connection static-eth0:

[root@demo ~]# nmcli con mod static-eth0 +ipv6.dns 2001:4860:4860::8888

Note
Static IPv4 and IPv6 DNS settings all end up as nameserver directives in /etc/resolv.conf. It may be a good idea to ensure that there is, at minimum, an IPv4-reachable nameserver (assuming a dual-stack system) and preferably at least one nameserver using each protocol in case of connectivity issues with either IPv4 or IPv6 networking.

Remember that the file /etc/sysconfig/network-scripts/ifcfg-name can be directly edited, and that nmcli con reload must be run after saving so that NetworkManager reads the configuration changes.

The following table maps some of the key NetworkManager setting names relevant to IPv6 connections to ifcfg-* directives.
Comparison of nm-settings and ifcfg-* Directives

| nmcli con mod | ifcfg-* file | Effect |
|---|---|---|
| ipv6.method manual | IPV6_AUTOCONF=no | IPv6 addresses configured statically. |
| ipv6.method auto | IPV6_AUTOCONF=yes | Will configure network settings using SLAAC from router advertisements. |
| ipv6.method dhcp | IPV6_AUTOCONF=no DHCPV6C=yes | Will configure network settings by using DHCPv6, but not SLAAC. |
| ipv6.addresses "2001:db8::a/64 2001:db8::1" | IPV6ADDR=2001:db8::a/64 IPV6_DEFAULTGW=2001:db8::1 | Sets static IPv6 address, network prefix, and default gateway. If more than one address is set for the connection, IPV6_SECONDARIES takes a double-quoted list of space-delimited address/prefix definitions. |
| ipv6.dns | DNS0= | Modify /etc/resolv.conf to use this nameserver. Exactly the same as IPv4. |
| ipv6.dns-search example.com | DOMAIN=example.com | Modify /etc/resolv.conf to use this domain in the search directive. Exactly the same as IPv4. |
| ipv6.ignore-auto-dns true | IPV6_PEERDNS=no | Ignore DNS server information from the DHCP server. |
| connection.autoconnect yes | ONBOOT=yes | Automatically activate this connection at boot. |
| connection.id eth0 | NAME=eth0 | The name of this connection. |
| connection.interface-name eth0 | DEVICE=eth0 | The connection is bound to the network interface with this name. |
| 802-3-ethernet.mac-address | HWADDR= | The connection is bound to the network interface with this MAC address. |
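The table, the Important box and the DNS note above can be turned into a configuration check. The following is an added example, not code from the course: it reads the text of an ifcfg file, derives ipv6.method from the table rows, and flags a static address left on SLAAC or DHCPv6, an unparsable address, and nameservers of only one protocol. The function names and the sample file are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of an ifcfg-* file, with two deliberate
# problems: a static address while SLAAC is still enabled, and only an
# IPv6 nameserver.
SAMPLE_IFCFG = """\
TYPE=Ethernet
DEVICE=eno1
NAME=eno1
ONBOOT=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6ADDR=2001:db8:0:1::a00:1/64
IPV6_DEFAULTGW="2001:db8:0:1::1"
DNS1=2001:4860:4860::8888
"""


def parse_ifcfg(text):
    """Return a dict of KEY -> value from ifcfg-style KEY=value lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        # Drop one pair of surrounding quotes, as a shell would.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        settings[key.strip()] = value
    return settings


def ipv6_method(settings):
    """Map ifcfg directives to ipv6.method using only the table rows above."""
    autoconf = settings.get("IPV6_AUTOCONF", "").lower()
    dhcpv6 = settings.get("DHCPV6C", "").lower()
    if autoconf == "yes":
        return "auto"
    if autoconf == "no":
        return "dhcp" if dhcpv6 == "yes" else "manual"
    return "unspecified"  # not covered by the table; no default is assumed


def audit_ifcfg(text):
    """Return (ipv6_method, sorted list of finding codes) for one ifcfg file."""
    settings = parse_ifcfg(text)
    method = ipv6_method(settings)
    findings = set()

    address = settings.get("IPV6ADDR", "")
    if address:
        try:
            ipaddress.IPv6Interface(address)
        except ValueError:
            # For example 2001:db8::7::2, which uses "::" twice.
            findings.add("invalid-ipv6-address")
        if method != "manual":
            # Static address with SLAAC/DHCPv6 still on: the host may get an
            # extra, unplanned address (see the Important box).
            findings.add("static-address-but-method-" + method)

    families = set()
    for key, value in settings.items():
        if re.fullmatch(r"DNS\d+", key) and value:
            try:
                families.add(ipaddress.ip_address(value).version)
            except ValueError:
                findings.add("invalid-nameserver")
    # The Note asks for an IPv4-reachable nameserver at minimum and
    # preferably one nameserver per protocol.
    if families and 4 not in families:
        findings.add("no-ipv4-nameserver")
    if families and 6 not in families:
        findings.add("no-ipv6-nameserver")
    return method, sorted(findings)


if __name__ == "__main__":
    print(audit_ifcfg(SAMPLE_IFCFG))
```
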

Viewing IPv6 networking information
Both nmcli dev status to show the NetworkManager status of all network devices and nmcli con show to show the list of available connections work exactly as they do for IPv4.

The ip addr show command still displays the current configuration of network interfaces on the system. The example that follows calls out some items relevant to IPv6.

[student@demo ~]$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000    (1)
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff    (2)
    inet 192.0.2.2/24 brd 192.0.2.255 scope global eth0    (3)
       valid_lft forever preferred_lft forever
    inet6 2001:db8:0:1:5054:ff:fe00:b/64 scope global    (4)
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link    (5)
       valid_lft forever preferred_lft forever

(1) An active interface is UP.

(2) The link/ether line specifies the hardware (MAC) address of the device.

(3) The inet line shows an IPv4 address, its network prefix length, and scope.

(4) The inet6 line shows an IPv6 address, its network prefix length, and scope. This address is of global scope and is normally used.

(5) This inet6 line is for an address of link scope and can only be used for communication on the local Ethernet link.
The ip -6 route show command displays the IPv6 routing table for the system:

[root@demo ~]# ip -6 route show
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:0:1::/64 dev eth0 proto kernel metric 256
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev eth0 proto kernel metric 256
default via 2001:db8:0:1::ffff dev eth0 proto static metric 1024

In the previous example, ignore the unreachable routes, which point at networks which are never to be used. That leaves three routes:

1. To the 2001:db8:0:1::/64 network using the eth0 interface (which presumably has an address on that network).

2. To the fe80::/64 network using the eth0 interface, for the link-local address. On a system with multiple interfaces, there will be a route to fe80::/64 out each interface for each link-local address.

3. A default route to all networks on the IPv6 Internet (the ::/0 network) that don't have a more specific route on the system, through the router at 2001:db8:0:1::ffff, reachable with the eth0 device.
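The reading of the routing table described above can be automated. This added example, which is not part of the course material, drops the unreachable entries from ip -6 route show output and then checks that the default gateway lies inside a prefix connected on the same device. It assumes the gateway is expected to be on-link; the function names and the off-link variant are constructed.

```python
import ipaddress

# Abridged copy of the ip -6 route show output shown on this page.
PAGE_ROUTES = """\
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:0:1::/64 dev eth0 proto kernel metric 256
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev eth0 proto kernel metric 256
default via 2001:db8:0:1::ffff dev eth0 proto static metric 1024
"""

# Constructed variant: the gateway sits in a prefix this host is not attached to.
OFF_LINK_ROUTES = PAGE_ROUTES.replace("2001:db8:0:1::ffff", "2001:db8:0:2::ffff")


def parse_routes(text):
    """Return the usable routes as dicts with 'dest', 'dev' and 'via' keys.

    Lines starting with "unreachable" are skipped, as the text advises.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "unreachable":
            continue
        route = {"dest": fields[0], "dev": None, "via": None}
        # Walk keyword/value pairs such as "via <addr>" and "dev <name>".
        for name, value in zip(fields[1:], fields[2:]):
            if name in ("dev", "via"):
                route[name] = value
        routes.append(route)
    return routes


def check_default_gateway(text):
    """Return a list of problems found with the default route(s)."""
    routes = parse_routes(text)
    # Connected prefixes are routes without a next hop ("via").
    connected = [
        (ipaddress.IPv6Network(r["dest"]), r["dev"])
        for r in routes
        if r["dest"] != "default" and r["via"] is None
    ]
    defaults = [r for r in routes if r["dest"] == "default"]
    problems = []
    if not defaults:
        problems.append("no default route")
    for r in defaults:
        if r["via"] is None:
            continue  # device-only default route, nothing to compare
        gateway = ipaddress.IPv6Address(r["via"])
        # A link-local gateway matches the fe80::/64 route of its device.
        on_link = any(gateway in net and dev == r["dev"] for net, dev in connected)
        if not on_link:
            problems.append(
                f"default gateway {gateway} is not inside any prefix connected on {r['dev']}"
            )
    return problems


if __name__ == "__main__":
    for route in parse_routes(PAGE_ROUTES):
        print(route)
    print(check_default_gateway(OFF_LINK_ROUTES))
```
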

IPv6 troubleshooting tools

Connectivity
The ping6 command is the IPv6 version of ping in Red Hat Enterprise Linux. It communicates over IPv6 and can take IPv6 addresses, but otherwise works like ping.

[root@demo ~]# ping6 2001:db8:0:1::1
PING 2001:db8:0:1::1(2001:db8:0:1::1) 56 data bytes
64 bytes from 2001:db8:0:1::1: icmp_seq=1 ttl=64 time=18.4 ms
64 bytes from 2001:db8:0:1::1: icmp_seq=2 ttl=64 time=0.178 ms
64 bytes from 2001:db8:0:1::1: icmp_seq=3 ttl=64 time=0.180 ms
^C
--- 2001:db8:0:1::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.178/6.272/18.458/8.616 ms
[root@demo ~]#

Link-local addresses and the link-local all-nodes multicast group (ff02::1) can be pinged, but the network interface to use must be specified explicitly with a scope zone identifier (such as ff02::1%eth0). If this is left out, the error connect: Invalid argument will be displayed.

Pinging ff02::1 can be useful for finding other IPv6 nodes on the local network.

[root@rhel7 ~]# ping6 ff02::1%eth1
PING ff02::1%eth1(ff02::1) 56 data bytes
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=1 ttl=64 time=22.7 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=1 ttl=64 time=30.1 ms (DUP!)
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=2 ttl=64 time=0.183 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=2 ttl=64 time=0.231 ms (DUP!)
^C
--- ff02::1%eth1 ping statistics ---
2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.183/13.320/30.158/13.374 ms
[root@rhel7 ~]# ping6 -c 1 fe80::f482:dbff:fe25:6a9f%eth1
PING fe80::f482:dbff:fe25:6a9f%eth1(fe80::f482:dbff:fe25:6a9f) 56 data bytes
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=1 ttl=64 time=22.9 ms

--- fe80::f482:dbff:fe25:6a9f%eth1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 22.903/22.903/22.903/0.000 ms

Remember that IPv6 link-local addresses can be used by other hosts on the same link, just like normal addresses.

[student@demo ~]$ ssh fe80::f482:dbff:fe25:6a9f%eth1
student@fe80::f482:dbff:fe25:6a9f%eth1's password:
Last login: Thu Jun  5 15:20:10 2014 from demo.example.com
[student@server ~]$

Routing
The tracepath6 and traceroute -6 commands are the equivalent to tracepath and traceroute for IPv6.

[root@demo ~]# tracepath6 2001:db8:0:2::451
 1?: [LOCALHOST]                        0.091ms pmtu 1500
 1:  2001:db8:0:1::ba                   0.214ms
 2:  2001:db8:0:1::1                    0.512ms
 3:  2001:db8:0:2::451                  0.559ms reached
     Resume: pmtu 1500 hops 3 back 3
Ports and services
Either the ss command or the netstat command can display information about network sockets, and they take almost identical options.

[root@demo ~]# ss -A inet -n
Netid  State  Recv-Q  Send-Q  Local Address:Port       Peer Address:Port
tcp    ESTAB  0       0       192.168.122.98:22        192.168.122.1:35279
tcp    ESTAB  0       0       2001:db8:0:1::ba:22      2001:db8:0:1::1:40810
[root@demo ~]# netstat -46n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.122.98:22       192.168.122.1:35279     ESTABLISHED
tcp6       0      0 2001:db8:0:1::ba:22     2001:db8:0:1::1:40810   ESTABLISHED
Options for ss and netstat

| Option | Description |
|---|---|
| -n | Show numbers instead of names for interfaces and ports. |
| -t | Show TCP sockets. |
| -u | Show UDP sockets. |
| -l | Show only listening sockets. |
| -a | Show all (listening and established) sockets. |
| -p | Show the process using the sockets. |
| -A inet | Display active connections (but not listening sockets) for the inet address family. That is, ignore local UNIX domain sockets. For ss, both IPv4 and IPv6 connections will be displayed. For netstat, only IPv4 connections will be displayed. (netstat -A inet6 will display IPv6 connections, and netstat -46 will display IPv4 and IPv6 at the same time.) |

References
NetworkManager(8), nmcli(1), nmcli-examples(5), nm-settings(5), ip(8), ip-address(8), ip-route(8), ping6(8), tracepath6(8), traceroute(8), ss(8), and netstat(8) man pages
Practice: Configuring IPv6 Networking

Guided exercise
In this lab, you will configure a network interface with a static IPv6 address. Once the interface is configured, you will confirm that it works and identify other IPv6 nodes on the local network. You will also explore the contents of the configuration file created by NetworkManager.

Resources:
Files: /etc/sysconfig/network-scripts/ifcfg-eno1
Machines: serverX

Outcomes:
The eno1 network interface on your serverX machine will be managed by NetworkManager with a connection named eno1. It will statically configure an IPv6 address of fddb:fe2a:ab1e::c0a8:1/64 and use fddb:fe2a:ab1e::c0a8:fe/64 as the IPv6 gateway.

Before you begin...
• Reset the serverX system.

• Log into and set up your serverX system.

[student@serverX ~]$ lab ipv6 setup

• Become the root user.

[student@serverX ~]$ sudo -i

□ 1. Before making any changes, display the list of existing network interfaces in order to determine the system's current configuration. Also determine which interfaces are managed by NetworkManager.

□ 1.1. The ip link command will display all of the network interfaces recognized by the system.

[root@serverX ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:00:07:0b brd ff:ff:ff:ff:ff:ff
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether ce:c4:7c:28:4c:7a brd ff:ff:ff:ff:ff:ff

□ 1.2. Use nmcli to list the network interfaces that NetworkManager manages.

[root@serverX ~]# nmcli con show
NAME         UUID                                  TYPE            DEVICE
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0

□ 2. Create a NetworkManager connection, called eno1, for the eno1 network interface. Redisplay the list of managed interfaces to confirm NetworkManager manages eno1.

□ 2.1. Use nmcli to create the connection for eno1.

[root@serverX ~]# nmcli con add con-name eno1 type ethernet ifname eno1
Connection 'eno1' (0d687259-c64b-4e5b-bece-cabbe952e46f) successfully added.

□ 2.2. Display the new list of interfaces managed by NetworkManager. eno1 should be somewhere in the list.

[root@serverX ~]# nmcli con show
NAME         UUID                                  TYPE            DEVICE
eno1         0d687259-c64b-4e5b-bece-cabbe952e46f  802-3-ethernet  eno1
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0
□ 3. Display the current IP address information for eno1.

[root@serverX ~]# ip addr show eno1
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:8f:6e:13:6e:8e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::48f:6eff:fe13:6e8e/64 scope link
       valid_lft forever preferred_lft forever

It will have an IPv6 link-local address assigned to it (the address on the fe80::/64 network).

□ 4. Display the initial, default NetworkManager IPv6 configuration settings for the connection.

[root@serverX ~]# nmcli con show eno1 | grep ipv6
ipv6.method:                auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:
ipv6.ignore-auto-routes:    no
ipv6.ignore-auto-dns:       no
ipv6.never-default:         no
ipv6.may-fail:              yes
ipv6.ip6-privacy:           -1 (unknown)
ipv6.dhcp-hostname:

□ 5. Configure eno1 to have a static IPv6 address of fddb:fe2a:ab1e::c0a8:1 with a standard /64 subnet prefix. Use fddb:fe2a:ab1e::c0a8:fe as the IPv6 gateway.

[root@serverX ~]# nmcli con mod eno1 ipv6.addresses 'fddb:fe2a:ab1e::c0a8:1/64 fddb:fe2a:ab1e::c0a8:fe'
[root@serverX ~]# nmcli con mod eno1 ipv6.method manual

□ 6. Restart the eno1 network interface and confirm its new IPv6 address configuration.

□ 6.1. Bounce the eno1 interface by taking it down, then bringing it back up.

[root@serverX ~]# nmcli con down eno1
[root@serverX ~]# nmcli con up eno1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

□ 6.2. Use the ip addr command to confirm the interface's configuration.

[root@serverX ~]# ip addr show dev eno1
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:8f:6e:13:6e:8e brd ff:ff:ff:ff:ff:ff
    inet6 fddb:fe2a:ab1e::c0a8:1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::48f:6eff:fe13:6e8e/64 scope link
       valid_lft forever preferred_lft forever

Notice the global address, fddb:fe2a:ab1e::c0a8:1/64, is available for use.

□ 7. Ping eno1's own IPv6 address.

[root@serverX ~]# ping6 fddb:fe2a:ab1e::c0a8:1
PING fddb:fe2a:ab1e::c0a8:1(fddb:fe2a:ab1e::c0a8:1) 56 data bytes
64 bytes from fddb:fe2a:ab1e::c0a8:1: icmp_seq=1 ttl=64 time=0.141 ms
64 bytes from fddb:fe2a:ab1e::c0a8:1: icmp_seq=2 ttl=64 time=0.081 ms
^C
--- fddb:fe2a:ab1e::c0a8:1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.081/0.111/0.141/0.030 ms

□ 8. Ping the IPv6 gateway to make sure it is reachable by eno1.

[root@serverX ~]# ping6 fddb:fe2a:ab1e::c0a8:fe
PING fddb:fe2a:ab1e::c0a8:fe(fddb:fe2a:ab1e::c0a8:fe) 56 data bytes
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=1 ttl=64 time=0.254 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=2 ttl=64 time=0.123 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=3 ttl=64 time=0.119 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=4 ttl=64 time=0.123 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=5 ttl=64 time=0.090 ms
^C
--- fddb:fe2a:ab1e::c0a8:fe ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.090/0.141/0.254/0.059 ms

□ 9. Use the ip command to display the IPv6 routing table. Note the default gateway listed for IPv6.

[root@serverX ~]# ip -6 route
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fddb:fe2a:ab1e::/64 dev eno1 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eno1 proto kernel metric 256
default via fddb:fe2a:ab1e::c0a8:fe dev eno1 proto static metric 1024

□ 10. Discover other local IPv6 nodes on the network. Ping the link-local all-nodes multicast group (ff02::1) through the eno1 interface to see what other hosts respond.

[root@serverX ~]# ping6 ff02::1%eno1
PING ff02::1%eno1(ff02::1) 56 data bytes
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=1 ttl=64 time=0.298 ms
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=1 ttl=64 time=0.306 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=2 ttl=64 time=0.125 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=2 ttl=64 time=0.161 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=3 ttl=64 time=0.107 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=3 ttl=64 time=0.136 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=4 ttl=64 time=0.111 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=4 ttl=64 time=0.143 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=5 ttl=64 time=0.131 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=5 ttl=64 time=0.167 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=6 ttl=64 time=0.109 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=6 ttl=64 time=0.141 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=7 ttl=64 time=0.116 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=7 ttl=64 time=0.150 ms (DUP!)
^C
--- ff02::1%eno1 ping statistics ---
7 packets transmitted, 7 received, +7 duplicates, 0% packet loss, time 5999ms
rtt min/avg/max/mdev = 0.107/0.157/0.306/0.062 ms

□ 11. Identify the interface configuration file for the eno1 network interface in /etc/sysconfig/network-scripts. View the file contents and note which variable assignments relate to the IPv6 configuration that was performed earlier.

[root@serverX ~]# ls /etc/sysconfig/network-scripts/ifcfg-*
/etc/sysconfig/network-scripts/ifcfg-eno1
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-lo
[root@serverX ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno1
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eno1
UUID=4214d89b-f409-4853-8e31-4e673845e1a1
IPV6_AUTOCONF=no
DEVICE=eno1
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
IPV6ADDR=fddb:fe2a:ab1e::c0a8:1/64
IPV6_DEFAULTGW=fddb:fe2a:ab1e::c0a8:fe

Lab: Managing IPv6 Networking

Performance checklist
In this lab, you will assign static IPv4 and IPv6 addresses to a network interface.

Machines: serverX

Outcomes:
serverX will have a NetworkManager connection, called eno1, that manages the eno1 network interface. It will be configured statically with an IPv4 address of 192.168.0.100/24 and an IPv6 address of fddb:fe2a:ab1e::c0a8:64/64.

Before you begin...
• Reset the serverX system.

• Log into and set up your serverX system.

[student@serverX ~]$ lab ipv6 setup

• Become the root user.

[student@serverX ~]$ sudo -i

1. Create a NetworkManager connection, called eno1, that corresponds to the eno1 network interface.

2. Configure eno1 with a static IPv4 address of 192.168.0.100/24.

3. Configure eno1 with a static IPv6 address of fddb:fe2a:ab1e::c0a8:64/64.

4. Restart the eno1 network interface and confirm its new IPv4 and IPv6 address configuration.

5. Ping the local IPv4 gateway, 192.168.0.254, and the local IPv6 gateway, fddb:fe2a:ab1e::c0a8:fe, to confirm they can both be reached through the eno1 interface.

6. Run the grading script to verify your work.

[student@serverX ~]$ lab ipv6 grade
IPv4 address is correct ....... PASS
... Output omitted ...

Solution

In this lab, you will assign static IPv4 and IPv6 addresses to a network interface.

Outcomes:
serverX will have a NetworkManager connection, called eno1, that manages the eno1 network interface. It will be configured statically with an IPv4 address of 192.168.0.100/24 and an IPv6 address of fddb:fe2a:ab1e::c0a8:64/64.

Before you begin...
• Reset the serverX system.

• Log into and set up your serverX system.

[student@serverX ~]$ lab ipv6 setup

• Become the root user.

[student@serverX ~]$ sudo -i

1. Create a NetworkManager connection, called eno1, that corresponds to the eno1 network interface.

[root@serverX ~]# nmcli con add con-name eno1 type ethernet ifname eno1
Connection 'eno1' (0d687259-c64b-4e5b-bece-cabbe952e46f) successfully added.
[root@serverX ~]# nmcli con show
NAME         UUID                                  TYPE            DEVICE
eno1         0d687259-c64b-4e5b-bece-cabbe952e46f  802-3-ethernet  eno1
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0

2. Configure eno1 with a static IPv4 address of 192.168.0.100/24.

[root@serverX ~]# nmcli con mod eno1 ipv4.addresses 192.168.0.100/24
[root@serverX ~]# nmcli con mod eno1 ipv4.method manual

3. Configure eno1 with a static IPv6 address of fddb:fe2a:ab1e::c0a8:64/64.

[root@serverX ~]# nmcli con mod eno1 ipv6.addresses fddb:fe2a:ab1e::c0a8:64/64
[root@serverX ~]# nmcli con mod eno1 ipv6.method manual
4. Restart the eno1 network interface and confirm its new IPv4 and IPv6 address configuration.

4.1. Bounce the eno1 interface by taking it down, then bringing it back up.

[root@serverX ~]# nmcli con down eno1
[root@serverX ~]# nmcli con up eno1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

4.2. Use the ip addr command to confirm the interface's configuration.

[root@serverX ~]# ip addr show dev eno1
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ca:8a:8f:84:e4:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.100/24 brd 192.168.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fddb:fe2a:ab1e::c0a8:64/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c88a:8fff:fe84:e48f/64 scope link
       valid_lft forever preferred_lft forever

Notice the new inet address entry.

5. Ping the local IPv4 gateway, 192.168.0.254, and the local IPv6 gateway, fddb:fe2a:ab1e::c0a8:fe, to confirm they can both be reached through the eno1 interface.

[student@serverX ~]$ ping -I eno1 192.168.0.254
PING 192.168.0.254 (192.168.0.254) from 192.168.0.100 eno1: 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=0.056 ms
64 bytes from 192.168.0.254: icmp_seq=3 ttl=64 time=0.036 ms
64 bytes from 192.168.0.254: icmp_seq=4 ttl=64 time=0.047 ms
^C
--- 192.168.0.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.036/0.059/0.099/0.025 ms
[student@serverX ~]$ ping6 -I eno1 fddb:fe2a:ab1e::c0a8:fe
PING fddb:fe2a:ab1e::c0a8:fe(fddb:fe2a:ab1e::c0a8:fe) from fddb:fe2a:ab1e::c0a8:64 eno1: 56 data bytes
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=1 ttl=64 time=0.150 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=2 ttl=64 time=0.103 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=3 ttl=64 time=0.049 ms
^C
--- fddb:fe2a:ab1e::c0a8:fe ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.049/0.100/0.150/0.042 ms

6. Run the grading script to verify your work.

[student@serverX ~]$ lab ipv6 grade
IPv4 address is correct....... PASS
... Output omitted ...
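
The confirmation done by eye in steps 4.2 through 6 can also be scripted. The following is an added example, not part of the original course material: it reads ip addr output and checks that exactly the expected global-scope addresses are configured. The function names are hypothetical, and the sample input is constructed from the output shown in step 4.2.

```shell
#!/bin/sh
# Constructed sample: the `ip addr show dev eno1` output from step 4.2.
sample_ip_addr() {
cat <<'EOF'
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ca:8a:8f:84:e4:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.100/24 brd 192.168.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fddb:fe2a:ab1e::c0a8:64/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c88a:8fff:fe84:e48f/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# global_addrs (hypothetical helper): reads `ip addr` output on stdin and prints
# "family address/prefix" for each global-scope address; link-local is skipped.
global_addrs() {
    awk '($1 == "inet" || $1 == "inet6") {
             for (i = 3; i < NF; i++)
                 if ($i == "scope" && $(i + 1) == "global") print $1, $2
         }'
}

# verify_static (hypothetical helper): arguments are the expected addresses,
# written the way `ip` prints them (lowercase, "::"-compressed, with prefix).
# Returns 0 only if each one is present and no other global address exists.
verify_static() {
    found=$(global_addrs | awk '{ print $2 }')
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$found" | grep -qxF -- "$want"; then
            echo "MISSING    $want"; rc=1
        fi
    done
    for have in $found; do
        match=0
        for want in "$@"; do
            if [ "$have" = "$want" ]; then match=1; fi
        done
        if [ "$match" -eq 0 ]; then echo "UNEXPECTED $have"; rc=1; fi
    done
    return "$rc"
}

# On a live system: ip addr show dev eno1 | verify_static <addresses...>
if sample_ip_addr | verify_static 192.168.0.100/24 fddb:fe2a:ab1e::c0a8:64/64; then
    echo "eno1 configuration OK"
fi
```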

Summary

Review of IPv4 Networking Configuration
In this section, students learned how to:

• Configure IPv4 networking using nmcli.

• Configure IPv4 networking using /etc/sysconfig/network-scripts/ifcfg-* files.

IPv6 Networking Concepts
In this section, students learned how to:

• Explain the basic details of IPv6 networking.

• Interpret text representations of IPv6 addresses.

IPv6 Networking Configuration
In this section, students learned how to:

• Configure IPv6 networking using nmcli.

• Configure IPv6 networking using /etc/sysconfig/network-scripts/ifcfg-* files.
