DOCSLIB.ORG

Oracle Linux System Administration

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Oracle Linux System Administration Oracle Linux System Administration Student Guide – Volume II D74508GC10 Edition 1.0 August 2012 D78745 Author Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Craig McBride Disclaimer This document contains proprietary information and is protected by copyright and Technical Contributors and Reviewers other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in Avi Miller any way. Except where your use constitutes "fair use" under copyright law, you may Elena Zannoni not use, share, download, upload, copy, print, display, perform, reproduce, publish, Lenz Grimmer license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle. Sergio Leunissen Waseem Daher The information contained in this document is subject to change without notice. If you Wim Coekaerts find any problems in the document, please report them in writing to: Oracle University, Al Flournoy 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free. Harald Van Breederode Joel Goodman Restricted Rights Notice Manish Kapur If this documentation is delivered to the United States Government or anyone using Soeren Binner the documentation on behalf of the United States Government, the following notice is Jeremy Smyth applicable: Yasar Akthar U.S. GOVERNMENT RIGHTS Javier Saiz The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or Ozgur Yuksel disclose these training materials are restricted by the terms of the applicable Oracle Antoinette O’Sullivan license agreement and/or the applicable U.S. Government contract. Frank Allan Trademark Notice Gavin Bowe Gino Kawalski Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Jeff Suchomel Rob Swank Ron Hardin Michele Dady Matt Taylor Graphic Designer Maheshwari Krishnamurthy Editors Richard Wallis Raj Kumar Daniel Milne Smita Kommini Publishers Giri Venugopal Michael Sebastian Almeida Contents 1 Course Introduction Course Objectives 1-2 Course Schedule 1-3 Lesson Objectives 1-6 Virtualization with Oracle VM Server 1-7 Oracle VM Server in the Classroom 1-8 Summary 1-10 Practices Overview 1-11 2 Introduction to Oracle Linux Objectives 2-2 Linux Kernel 2-3 The GNU Project 2-5 GNU General Public License (GPL) 2-6 Linux Kernel Development Model 2-8 Mainline Kernel Development Continues 2-10 Linux Distributions 2-11 Oracle Linux 2-13 Oracle’s Technical Contributions to Linux 2-14 Oracle Linux: Compatible with Red Hat Enterprise Linux (RHEL) 2-16 Unbreakable Enterprise Kernel 2-18 Unbreakable Enterprise Kernel Release 1 2-19 Unbreakable Enterprise Kernel Release 2 2-22 Tracking Mainline 2-25 DTrace 2-26 Btrfs Filesystem 2-27 Oracle Linux Release Notes 2-28 Summary 2-29 Quiz 2-30 Practice 2: Overview 2-32 3 Installing Oracle Linux Objectives 3-2 Obtaining Oracle Linux 3-3 Oracle Software Delivery Cloud 3-4 iii The Anaconda Installer 3-5 The Boot Menu 3-6 Boot Options 3-7 Media Test 3-8 Language Selection 3-9 Keyboard Selection 3-10 Storage Devices Selection 3-11 Setting the Host Name 3-12 Configuring Network 3-13 IPv4 Settings 3-14 Time Zone Selection 3-15 Setting Root Password 3-16 Disk Partitioning Setup 3-17 Storage Devices 3-18 Default Partition Layout 3-19 Create Custom Layout 3-20 Standard Partition 3-21 Confirming Partitions 3-23 Boot Loader Selection 3-24 Quiz 3-25 Software Package Selection 3-26 Customize the Package Selection 3-28 Software Installation 3-29 FirstBoot Tool 3-30 Unattended Installation with Kickstart 3-31 Quiz 3-33 Summary 3-34 Practice 3: Overview 3-35 4 Linux Boot Process Objectives 4-2 Linux Boot Process 4-3 Master Boot Record (MBR) 4-4 GRUB Bootloader 4-5 GRUB Configuration File 4-7 GRUB Menu 4-10 Editing a GRUB Menu Option 4-11 Kernel Boot Parameters 4-12 GRUB Command Line 4-14 The /sbin/init Process 4-15 SysV init Runlevels 4-16 iv Working with Runlevels 4-17 The /etc/inittab File 4-19 The /etc/rc.d Directory 4-22 Stopping and Starting Services 4-24 Configuring Services 4-25 The ntsysv Utility 4-27 Summary 4-28 Quiz 4-29 Practice 4: Overview 4-32 5 System Configuration Objectives 5-2 The /etc/sysconfig Directory 5-3 The /proc File System 5-5 Top-Level Files Within /proc 5-7 Process Directories in /proc 5-9 Other Directories in /proc 5-10 sysfs File System 5-12 sysctl Utility 5-14 Quiz 5-16 Summary 5-19 Practice 5: Overview 5-20 6 Package Management Objectives 6-2 Introduction to Package Management 6-3 The rpm Utility 6-4 Oracle Public yum Server 6-6 yum Configuration 6-8 The yum Utility 6-10 yum Groups 6-12 Unbreakable Linux Network (ULN) 6-13 ULN Channels 6-14 Kernel RPM Packages 6-16 Switching from RHN to ULN 6-17 Quiz 6-19 Summary 6-21 Practice 6: Overview 6-22 v 7 Ksplice Objectives 7-2 Introduction to Ksplice 7-3 How Ksplice Works 7-4 Ksplice Implementation 7-5 Generating an Access Key Through ULN 7-6 Creating Your Oracle Ksplice Uptrack Account 7-7 Setting Up Your Server with the Uptrack Tools 7-8 Installation Instructions 7-10 Manual Installation Instructions for Oracle Linux 7-11 Using Ksplice Uptrack 7-12 Ksplice Uptrack Command Summary 7-13 System Status 7-14 System Updated 7-15 Quiz 7-16 Summary 7-17 8 Automating Tasks Objectives 8-2 Automating System Tasks 8-3 Configuring cron Jobs 8-4 Other cron Directories and Files 8-6 crontab Utility 8-8 Configuring anacron Jobs 8-9 at and batch 8-11 Quiz 8-13 Summary 8-14 Practice 8: Overview 8-15 9 System Logging Objectives 9-2 System Log File Configuration 9-3 Facility/Priority-Based Filters 9-5 rsyslog Actions 9-7 rsyslog Templates 9-9 Configuring Log Rotation (logrotate) 9-11 logwatch 9-13 Quiz 9-14 Summary 9-15 Practice 9: Overview 9-16 vi 10 Kernel Module Configuration Objectives 10-2 Loadable Kernel Modules (LKM) 10-3 Loading and Unloading Kernel Modules 10-5 Kernel Module Parameters 10-8 Quiz 10-10 Summary 10-11 Practice 10: Overview 10-12 11 User and Group Administration Objectives 11-2 Introduction to Users and Groups 11-3 User and Group Configuration Files 11-4 Adding a User Account 11-6 Modifying or Deleting User Accounts 11-9 Group Account Administration 11-10 User Private Groups 11-12 Password Configuration 11-14 The /etc/login.defs File 11-16 User Manager Tool 11-17 User/Group Administration in the Enterprise 11-18 Quiz 11-19 Summary 11-21 Practice 11: Overview 11-22 12 Oracle Linux File Systems Objectives 12-2 Disk Partitions 12-3 Partition Table Manipulation Utilities 12-5 The fdisk Utility 12-6 Using the fdisk Utility 12-8 cfdisk Utility 12-11 parted Utility 12-12 File System Types 12-14 Making File Systems 12-16 Mounting File Systems 12-18 /etc/fstab File 12-21 Maintaining File Systems 12-22 Access Control Lists (ACLs) 12-24 Quiz 12-26 Swap Space 12-27 vii Disk Quotas 12-29 Configuring Disk Quotas 12-30 Quiz 12-33 Summary 12-34 Practice 12: Overview 12-35 13 Storage Administration Objectives 13-2 Logical Volume Manager (LVM) 13-3 LVM Configuration: Example 13-4 Physical Volume Utilities 13-5 Volume Group Utilities 13-7 Logical Volume Utilities 13-9 Making Logical Volumes Usable 13-11 Redundant Array of Independent Disks (RAID) 13-13 mdadm Utility 13-15 Making RAID Devices Usable 13-17 Encrypted Block Devices 13-18 cryptsetup Utility 13-19 Making an Encrypted Device Usable 13-21 The kpartx Utility 13-22 Quiz 13-24 Summary 13-25 Practice 13: Overview 13-26 14 Network Configuration Objectives 14-2 Network Interfaces 14-3 Additional Network Configuration Files 14-5 Command-Line Network Interface Utilities 14-7 Network Interface Bonding 14-9 VLANs 14-11 route Utility 14-13 NetworkManager 14-15 Network Connections Window 14-18 system-config-network Utility 14-19 Device Configuration 14-20 DNS Client Configuration 14-21 Quiz 14-22 Summary 14-23 Practice 14: Overview 14-24 viii 15 Network Addressing and Name Services Objectives 15-2 Introduction to DHCP 15-3 Configuring a DHCP Server 15-4 Configuring a DHCP Client 15-7 Introduction to DNS 15-9 Nameserver Types 15-10 BIND 15-11 DNS Cache-Only Nameserver 15-12 Starting a DNS Cache-Only Nameserver 15-15 Zone Files 15-16 Reverse Name Resolution 15-18 rndc Utility 15-20 host and dig Utilities 15-22 Quiz 15-23 Summary 15-24 Practice 15: Overview 15-25 16 File Sharing Objectives 16-2 Introduction to NFS 16-3 NFS Server Configuration 16-6 Starting the NFS Service 16-8 The exportfs Utility 16-9 NFS Client Configuration 16-10 Auto-Mounting File Systems 16-12 Introduction to Samba 16-15 Samba Daemons and Services 16-16 Samba Server Configuration 16-17 Samba Server Types 16-19 Access Linux Shares from Windows 16-22 Access Windows Shares from Linux 16-24 Samba Utilities 16-25 Introduction to vsftpd 16-27 vsftpd Configuration Options 16-28 Quiz 16-30 Summary 16-31 Practice 16: Overview 16-32 ix 17 OpenSSH Objectives 17-2 Introduction to OpenSSH 17-3 OpenSSH Configuration Files 17-4 OpenSSH Configuration 17-6 Using OpenSSH Utilities 17-7 Using the ssh Command 17-9 Using the scp Command 17-10 Using the sftp Command 17-11 Using the ssh-keygen Command 17-12 Quiz 17-14 Summary 17-15 Practice 17: Overview 17-16 18 Authentication and Directory Services Objectives 18-2 Authentication Options 18-3 Authentication Configuration Tool 18-4 NIS Authentication 18-5 NIS Maps 18-6 NIS Server Configuration 18-8 NIS Client Configuration 18-10 Implementing NIS Authentication 18-11 Lightweight Directory Access Protocol (LDAP) 18-13 OpenLDAP 18-15 OpenLDAP Server Utilities 18-17 OpenLDAP
Load more

Recommended publications
  • Oracle® Linux Administrator's Solutions Guide for Release 6
    Oracle® Linux Administrator's Solutions Guide for Release 6 E37355-64 August 2017 Oracle Legal Notices Copyright © 2012, 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S.
    [Show full text]
  • Adaptive Android Kernel Live Patching
    Adaptive Android Kernel Live Patching Yue Chen Yulong Zhang Zhi Wang Liangzhao Xia Florida State University Baidu X-Lab Florida State University Baidu X-Lab Chenfu Bao Tao Wei Baidu X-Lab Baidu X-Lab Abstract apps contain sensitive personal data, such as bank ac- counts, mobile payments, private messages, and social Android kernel vulnerabilities pose a serious threat to network data. Even TrustZone, widely used as the se- user security and privacy. They allow attackers to take cure keystore and digital rights management in Android, full control over victim devices, install malicious and un- is under serious threat since the compromised kernel en- wanted apps, and maintain persistent control. Unfortu- ables the attacker to inject malicious payloads into Trust- nately, most Android devices are never timely updated Zone [42, 43]. Therefore, Android kernel vulnerabilities to protect their users from kernel exploits. Recent An- pose a serious threat to user privacy and security. droid malware even has built-in kernel exploits to take Tremendous efforts have been put into finding (and ex- advantage of this large window of vulnerability. An ef- ploiting) Android kernel vulnerabilities by both white- fective solution to this problem must be adaptable to lots hat and black-hat researchers, as evidenced by the sig- of (out-of-date) devices, quickly deployable, and secure nificant increase of kernel vulnerabilities disclosed in from misuse. However, the fragmented Android ecosys- Android Security Bulletin [3] in recent years. In ad- tem makes this a complex and challenging task. dition, many kernel vulnerabilities/exploits are publicly To address that, we systematically studied 1;139 An- available but never reported to Google or the vendors, droid kernels and all the recent critical Android ker- let alone patched (e.g., exploits in Android rooting nel vulnerabilities.
    [Show full text]
  • Protecting Your Linux Systems with Oracle Ksplice
    Staying Ahead of Cyberthreats: Protecting Your Linux Systems with Oracle Ksplice The Advantages Of Zero-Downtime Patching April 23, 2020 Copyright © 2020, Oracle and/or its affiliates Public TABLE OF CONTENTS Introduction 2 Why Patching Matters 2 About Oracle Ksplice 3 Other Benefits 3 Conclusion 4 Learn More 4 1 WHITE PAPER | Staying Ahead of Cyberthreats: Protecting Your Linux Systems Copyright © 2020, Oracle and/or its affiliates |Public INTRODUCTION IT systems require regular patching for security, performance, and compliance reasons. For Linux operating system (OS) kernel updates, which include “Availability requirements important new security enhancements and bug fixes, releases happen about 1 are on the rise for once per month. These updates help keep systems current with the latest organizations undergoing innovations. However, manually patching systems has many inherent digital transformations. challenges and difficulties which tends to delay their timely application. For this Downtimes are costly, reason, zero-downtime patching solutions for Linux, like Oracle Ksplice, are with unplanned becoming essential tools. In this paper, Oracle Ksplice’s capabilities and many infrastructure downtimes advantages are explained. costing $100,000 per hour on an average. With Why Patching Matters the possibility of every organization being a Inadequate patch management can leave loopholes in the IT infrastructure leading to target for cyberattacks various security and performance issues. Ideally, patches should be applied shortly after and attackers moving very release to ensure the latest system protections. Patching typically requires downtime quickly to exploit system which, depending on operations, can require weeks or months of advanced planning. vulnerabilities, IDC Most Linux patching also traditionally happens at the disk level for file systems, which has recommends several disadvantages.
    [Show full text]
  • Kshot: Live Kernel Patching with SMM and SGX
    KShot: Live Kernel Patching with SMM and SGX Lei Zhou∗y, Fengwei Zhang∗, Jinghui Liaoz, Zhengyu Ning∗, Jidong Xiaox Kevin Leach{, Westley Weimer{ and Guojun Wangk ∗Department of Computer Science and Engineering, Southern University of Science and Technology, Shenzhen, China, zhoul2019,zhangfw,ningzy2019 @sustech.edu.cn f g ySchool of Computer Science and Engineering, Central South University, Changsha, China zDepartment of Computer Science, Wayne State University, Detroit, USA, [email protected] xDepartment of Computer Science, Boise State University, Boise, USA, [email protected] Department of Computer Science and Engineering, University of Michigan, Ann Arbor, USA, kjleach,weimerw @umich.edu { f g kSchool of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou, China, [email protected] Abstract—Live kernel patching is an increasingly common kernel vulnerabilities also merit patching. Organizations often trend in operating system distributions, enabling dynamic up- use rolling upgrades [3], [6], in which patches are designed dates to include new features or to fix vulnerabilities without to affect small subsystems that minimize unplanned whole- having to reboot the system. Patching the kernel at runtime lowers downtime and reduces the loss of useful state from running system downtime, to update and patch whole server systems. applications. However, existing kernel live patching techniques However, rolling upgrades do not altogether obviate the need (1) rely on specific support from the target operating system, to restart software or reboot systems; instead, dynamic hot and (2) admit patch failures resulting from kernel faults. We patching (live patching) approaches [7]–[9] aim to apply present KSHOT, a kernel live patching mechanism based on patches to running software without having to restart it.
    [Show full text]
  • Porting Linux Embedded Linux Conference (Europe)
    Porting Linux Embedded Linux Conference (Europe) Porting Linux About Jon Masters ● Been playing with Linux for 14 years (and the kernel for 13 of those), since the age of 13. ● Built embedded NMR scientific instruments, worked with Montavista UK, now at Red Hat. ● Author of the LKML Summary Podcast and the kernel column in Linux User & Developer. ● Co-author of Building Embedded Linux Systems (second edition) – O'Reilly (2008) ● My car still has an empeg :) Porting Linux Overview ● Why port Linux anyway? ● Background pre-requisities ● Early board work ● Bootloader bringup ● Initial kernel bringup ● Debugging ● Working with Upstream ● Trends Porting Linux Why port Linux anyway? ● Linux is very portable ● Supports 23 architectures in the upstream “mainline” kernel tree of Linus Torvalds. ● Kernel is mostly written in C, with some assembly (most architectures only need a dozen such files) ● Split between high-level generic functions and low- level functions to abstract architectural differences. Porting Linux Why port Linux anyway? ● Linux is competitive ● The number of Linux kernel developers contributing to the official kernel has tripled since 2005. ● Feature growth continues with an average of 10K new lines of source code added every day. ● In the hour you spend here 5.45 patches will on average be added to the upstream Linux kernel. ● Source: Linux Foundation analysis Porting Linux Why port Linux anyway? ● Linux is cost effective. ● A large amount of code to build upon. ● Large (growing) community of developers. ● I think we all know the rest. Porting Linux Background pre-requisities ● Hardware ● Development board or simulator – Optional debugger, some kind of UART – Boards range in value from $200-$crazy – Implement the same architecture and platform as the final design but maybe with a number of hacks.
    [Show full text]
  • Oracle Linux System Administration I
    Oracle Linux System Administration I Dieser Kurs im Web Die Schulung hilft Ihnen, eine Reihe von Fähigkeiten zu entwickeln, einschließlich der Installation, der Verwendung des Unbreakable Enterprise Kernel, der Alle tagesaktuellen Informationen Konfiguration von Linux-Diensten, der Vorbereitung des Systems für die Oracle- und Möglichkeiten zur Bestellung finden Sie unter dem folgenden Link: Datenbank, der Überwachung und der Fehlerbehebung. www.experteach.de/go/026S Nach diesem Kurs verfügen Sie über das Wissen und die Fähigkeiten, typische Vormerkung Probleme von Administratoren zu lösen, und verstehen das Kernel- Sie können auf unserer Website einen Platz Entwicklungsmodell und die Linux-Distributionen. Machen Sie sich damit vertraut, kostenlos und unverbindlich für 7 Tage reservieren. wie Oracle Linux Ihnen die neuesten Linux-Innovationen bietet, die extreme Dies geht auch telefonisch unter 06074 4868-0. Leistung, erweiterte Skalierbarkeit und Zuverlässigkeit für Garantierte Kurstermine Unternehmensanwendungen und -systeme ermöglichen. Für Ihre Planungssicherheit bieten wir stets eine große Auswahl garantierter Kurstermine an. Kursinhalt • Course Introduction Ihr Kurs maßgeschneidert • Introduction to Oracle Linux Diesen Kurs können wir für Ihr Projekt exakt an • Installing Oracle Linux 7 Ihre Anforderungen anpassen. • Oracle Linux 7 Boot Process • System Configuration • Package Management • Ksplice • Automate Tasks • Kernel Module Configuration • User and Group Administration • Partitions, File Systems, and Swap • Implementing the XFS File System • Implementing the Btrfs File System • Storage Administration • Network Configuration • File Sharing • OpenSSH Service • Security Administration • Oracle on Oracle • System Monitoring E-Book Sie erhalten die englischsprachigen Original-Unterlagen in Form eines Oracle University eKits. Zielgruppe • System Administrator • Linux Administrator • Entwickler Voraussetzungen • Arten von Benutzerkonten & Arbeiten mit Dateien und Verzeichnissen unter Unix • Textbearbeitung mit vi & Unix-Prozesskontrolle Training Preise zzgl.
    [Show full text]
  • Oracle Ksplice for Oracle Linux
    Oracle Ksplice for Oracle Linux Oracle Corporation Oracle Corporation Oracle Ksplice Oracle Ksplice is an exciting new addition to the Oracle Linux Premier Support subscription. The Oracle Ksplice technology allows customers to update their systems with new kernel security errata (CVEs) without the need to reboot the system. This allows customers to remain current with their OS vulnerability patches while at the same time minimizing downtime. Oracle Ksplice actually actively applies these updates to the running kernel image, not just an on-disk change that would only take effect after a subsequent reboot. As a general rule, the Linux kernel receives security updates approximately once a month. For any general purpose Operating System on the market today, applying these updates requires the system administrator to schedule downtime and reboot the server into the new OS kernel with the security updates. As system setups become more and more complex with multi-system interdependencies, the ability to schedule reboots is becoming more and more difficult and costly. Oracle Ksplice is available as part of the Oracle Linux Premier and Premier Limited support subscriptions. It is also part of the Oracle Premier Support for Systems and Operating Systems subscriptions offering. Oracle Linux Basic, Basic Limited and Network Support subscribers can contact their sales representatives to discuss potential upgrade of their subscription to a Premier Support plan. Another requirement for the Oracle Ksplice updates, is the use of the Oracle Unbreakable Enterprise Kernel(UEK). The lowest Linux kernel version at time of writing is 2.6.32-100.28.9. This kernel (and newer) can be installed on both Oracle Linux(OL) 5 and 6 distribution versions.
    [Show full text]
  • Oracle Linux and the Unbreakable Enterprise Kernel, Including Premier
    ORACLE DATA SHEET Oracle Linux The Oracle Linux operating system is engineered for open cloud infrastructure. It delivers leading performance, scalability, reliability and security for enterprise SaaS and PaaS workloads as well as traditional enterprise applications. Oracle Linux Support offers access to award-winning Oracle support resources and Linux support specialists, zero-downtime updates using Ksplice, additional management tools such as Oracle Enterprise Manager and lifetime support, all at a low cost. Unlike many other commercial Linux distributions, Oracle Linux is easy to download and completely free to use, distribute and update. KEY FEATURES Latest Linux Innovations • Free to use, free to distribute, free to Oracle Linux comes with a choice of two kernels, the Unbreakable Enterprise Kernel update (UEK), which is installed and enabled by default, and the Red Hat Compatible Kernel. • Zero-downtime kernel, hypervisor UEK tracks the latest Linux kernel releases, supplying more innovation than other and user space updates with Ksplice commercial Linux kernels while providing binary compatibility with applications certified • Comprehensive kernel and to run on Red Hat Enterprise Linux. UEK is designed for enterprise workloads requiring application tracing with DTrace stability, scalability and performance, such as Oracle Database. • Linux management and high availability included at no additional Oracle Linux delivers advanced features for supporting and optimizing the latest charge for Oracle Linux Support enterprise hardware and software. For example: customers • Optimized for Oracle, including Ksplice Zero Downtime Updates – Available to Oracle Linux Premier Support Oracle Database and Oracle customers, Ksplice technology updates the kernels, hypervisors and critical user Applications space libraries without requiring a reboot or interruption.
    [Show full text]
  • Oracle Linux Ksplice Hands‑On LAB
    Oracle Linux Ksplice Hands‑on LAB This hands‑on lab takes you through several steps on how‑to provide zero downtime kernel updates to your Oracle Linux server thanks to Oracle Ksplice, the service and utility capable of introducing hot‑patch capabilities for Kernel, Hypervisor and User‑Space components like glibc and openssl. The entire hands‑on lab runs on an Oracle VM VirtualBox virtual machine based on Oracle Linux 7.4, it receives the Ksplice updates from a local repository. In the lab we do the following steps: Inspect the kernel and search for vulnerabilities Perform Local Denial of Service attack based on found vulnarability (CVE‑14489) Apply Ksplice kernel patches as rebootless updates The Ksplice client is available in online or offline mode, in this hands‑on lab we use the offline Ksplice client. The offline version of the Ksplice client removes the requirement that a server on your intranet has a direct connection to the Oracle Ksplice server or to Unbreakable Linux Network (ULN). All available Ksplice updates for each supported kernel version or user‑space package are bundled into an RPM that is specific to that version. This package is updated every time a new Ksplice patch becomes available for the kernel. Preparation First, import the Virtual Machine template in VirtualBox on your laptop, use the preconfigured OVA template from the instructor. There are two versions: oraclelinux-7.4-kspliceoffline (CLI version) oraclelinux-7.4-gui_kspliceoffline (GUI version) Depending on your preference install one of the VMs and when imported start the VM with a normal start.
    [Show full text]
  • Ksplice – Is Rebooting Your Oracle Linux Database Server Now Obsolete?
    Ksplice – Is Rebooting Your Oracle Linux Database Server Now Obsolete? Robert Bialek Trivadis GmbH Munich, DE Keywords: Ksplice, Ksplice Uptrack, Uptrack API, Oracle Enterprise Linux, Zero Downtime Kernel Patches, High Availability, Dynamic Software Updating, ELSA, ELBA. Introduction Applying important Linux kernel patches and security updates might be a painful task. While many operating system updates are online and might be applied without disrupting the running services, the operating system kernel is always an exception. To activate the new version of the installed patched kernel a reboot is required, which leads to a service outage as well as loss of all software states on that server. Moreover, in case of a problem with the new version, a fallback to the old kernel would again lead to a server downtime. Ksplice patches are mostly well-known as a way to address very efficiently and quickly a kernel security bug. But actually, they are more than that. A detailed look at the released Ksplice patches reveals that they also include many fixes for critical kernel bugs. Furthermore, Ksplice technology is not only limited to security or critical kernel bugs – it can also be used by Oracle Support to create online kernel diagnostic patches which help to turn, on demand, the running kernel into a debug mode. For kernel bugs or CVEs (Common Vulnerabilities and Exposures) classified by Oracle as important, appropriate Ksplice patches will be created and made available via ULN (Unbreakable Linux Network). This paper will describe how to use and configure Ksplice to apply or rollback Oracle Enterprise Linux kernel patches without rebooting.
    [Show full text]
  • Oracle and Lenovo X6 Validated Configuration Guide
    Front cover Oracle and Lenovo X6 Validated Configuration Guide Read about the validated Take advantage of the bold, configurations you can use in your cost-effective benefits of scale-up environment today topology Understand the significant value of Save energy, time, and more, by configurations validated by applying these validations in your industry leaders environment Randall Lundin Ajay Dholakia John Encizo Karen Lawrence Abstract This paper describes a validated reference configuration to successfully implement Oracle Database 12c running on Oracle Linux 7.2 and Oracle Unbreakable Enterprise Kernel (UEK), and hosted on a clustered pair of Lenovo System x3950 X6 servers. This configuration is intended for enterprise-level businesses with scaled-up, converged infrastructures, in which cost-effectiveness and productivity are a must. This paper explains the benefits of a scale-up Oracle database solution based on the 8-socket System x3950 X6 servers. It describes the validation process and the exact configuration used in the testing. The paper also provides additional information on the testing methodology and the tools used. This paper and the validated configuration it describes is for enterprise customers looking to implement a high-performance fault-tolerant Oracle solution. Contents Executive summary . 3 Key takeaways . 3 The cost-effective benefits of scale-up topology . 4 Scope of the Oracle Validated Configuration Program . 6 Key configurations, products, and tools . 6 Key validation tool: Oracle Linux Test . 10 Validated configuration. 11 Additional guidance . 13 Conclusions . 16 About the authors. 16 Notices . 17 Trademarks . 18 2 Oracle and Lenovo X6 Validated Configuration Guide Executive summary This paper describes a collaboration by subject matter experts from Lenovo® and Oracle.
    [Show full text]
  • Oracle Linux Virtualization Manager
    Oracle Linux Virtualization Manager Oracle Linux Virtualization Manager is a server virtualization management platform that can be easily deployed to configure, monitor, and manage an Oracle Linux Kernel-based Virtual Machine (KVM) environment. Oracle Linux Key Features KVM and Oracle Linux Virtualization Manager provide a modern, open source, Leading high performance alternative to proprietary server virtualization solutions price/performance with zero licensing costs. using a modern, low overhead An Oracle Linux Premier Support subscription provides customers access to architecture based award-winning Oracle support resources for Oracle Linux Virtualization on the KVM hypervisor Manager, KVM, Oracle Linux, zero-downtime patching with Ksplice, cloud Self-Hosted native tools such as Kubernetes and Kata Containers, clustering tools, Oracle Engine offers a Linux Manager, and Oracle Enterprise Manager. All this and lifetime software hyper-converged management support is included in a single cost-effective support offering. For customers solution with high with an Oracle Cloud Infrastructure subscription, Oracle Linux Premier availability for the support is included at no additional cost. Unlike many other commercial Linux Manager distributions, Oracle Linux is easy to download and completely free to use, Full REST API allows greater distribute, and update. automation and interoperability Oracle Linux KVM Support for secure live migration and Starting with Oracle Linux Release 7 with the Unbreakable Enterprise Kernel (UEK) Release storage live 5, Oracle Linux KVM has been enhanced to deliver leading performance and security for migration hybrid and multi-cloud deployments. Users can take a previously deployed Oracle Linux VM high system and turn the operating environment into a KVM host, or a KVM configuration can availability be set up from a base Oracle Linux installation.
    [Show full text]