安装
[kiosk@foundation ~]$ RHEXAM ex200 init
clean all env
clean env successfully
sysprep EX200 servera
sysprep EX200 serverb
init EX200 servera
init EX200 serverb
在servera.rhel.exam.com上执行以下任务
第1题 配置网络设置
[kiosk@foundation ~]$ ssh root@servera
root@servera's password:
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last failed login: Fri Jul 11 22:26:08 EDT 2025 from 172.25.250.1 on ssh:notty
There were 6 failed login attempts since the last successful login.
Last login: Fri Jul 11 22:05:14 2025
[root@servera ~]#
[root@servera ~]# hostname
servera.rhel.exam.com
[root@servera ~]# nmcli con show "Wired connection 1" | grep ipv4
ipv4.method: manual
ipv4.dns: 172.25.250.1
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: 172.25.250.50/24
ipv4.gateway: 172.25.250.1
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.replace-local-rule: -1 (default)
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0 (none)
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.link-local: 0 (default)
ipv4.dhcp-reject-servers: --
ipv4.auto-route-ext-gw: -1 (default)
第2题 配置系统以使用默认存储库
[root@servera ~]# vi /etc/yum.repos.d/local.repo
[root@servera ~]# cat /etc/yum.repos.d/local.repo
[baseos]
name=baseos
baseurl=http://master.rhel.exam.com/rhel9/repos/BaseOS/
enabled=1
gpgcheck=0
[APP]
name=appstream
baseurl=http://master.rhel.exam.com/rhel9/repos/AppStream/
enabled=1
gpgcheck=0
[root@servera ~]# dnf clean all && dnf makecache
[root@servera ~]# dnf repolist # 查看仓库是否已启用(注意:上面的 gpgcheck=0 关闭了软件包签名校验,baseurl 也是明文 http,只适合考试/实验环境)
第3题 调试SELinux
[root@servera ~]# ls /var/www/html/
1.html 2.html
[root@servera ~]# ls -Z /var/www/html/ # 查看SELinux上下文:类型不是网页内容应有的 httpd_sys_content_t,需更改
system_u:object_r:public_content_t:s0 1.html
system_u:object_r:admin_home_t:s0 2.html
[root@servera ~]# setenforce # 更改selinux模式
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@servera ~]# setenforce 1 # 临时更改
[root@servera ~]# vi /etc/selinux/config # 图1 永久更改
[root@servera ~]# man semanage-fcontext #修改上下文,发现找不到semanage
No manual entry for semanage-fcontext
# 安装semanage
[root@servera ~]# dnf provides semanage
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:22:04 ago on Fri 11 Jul 2025 10:46:39 PM EDT.
policycoreutils-python-utils-3.5-2.el9.noarch : SELinux policy core python
: utilities
Repo : APP
Matched from:
Filename : /usr/sbin/semanage
[root@servera ~]# dnf install /usr/sbin/semanage
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:22:23 ago on Fri 11 Jul 2025 10:46:39 PM EDT.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
policycoreutils-python-utils noarch 3.5-2.el9 APP 82 k
Installing dependencies:
checkpolicy x86_64 3.5-1.el9 APP 351 k
python3-audit x86_64 3.0.7-104.el9 APP 85 k
python3-distro noarch 1.5.0-7.el9 APP 40 k
python3-libsemanage x86_64 3.5-2.el9 APP 82 k
python3-policycoreutils noarch 3.5-2.el9 APP 2.1 M
python3-setools x86_64 4.4.3-1.el9 baseos 608 k
Transaction Summary
================================================================================
Install 7 Packages
Total download size: 3.3 M
Installed size: 10 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): policycoreutils-python-utils-3.5-2.el9.n 6.8 MB/s | 82 kB 00:00
(2/7): checkpolicy-3.5-1.el9.x86_64.rpm 20 MB/s | 351 kB 00:00
(3/7): python3-audit-3.0.7-104.el9.x86_64.rpm 9.8 MB/s | 85 kB 00:00
(4/7): python3-distro-1.5.0-7.el9.noarch.rpm 6.1 MB/s | 40 kB 00:00
(5/7): python3-libsemanage-3.5-2.el9.x86_64.rpm 14 MB/s | 82 kB 00:00
(6/7): python3-setools-4.4.3-1.el9.x86_64.rpm 18 MB/s | 608 kB 00:00
(7/7): python3-policycoreutils-3.5-2.el9.noarch 55 MB/s | 2.1 MB 00:00
--------------------------------------------------------------------------------
Total 49 MB/s | 3.3 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-libsemanage-3.5-2.el9.x86_64 1/7
Installing : python3-distro-1.5.0-7.el9.noarch 2/7
Installing : python3-audit-3.0.7-104.el9.x86_64 3/7
Installing : checkpolicy-3.5-1.el9.x86_64 4/7
Installing : python3-setools-4.4.3-1.el9.x86_64 5/7
Installing : python3-policycoreutils-3.5-2.el9.noarch 6/7
Installing : policycoreutils-python-utils-3.5-2.el9.noarch 7/7
Running scriptlet: policycoreutils-python-utils-3.5-2.el9.noarch 7/7
Verifying : python3-setools-4.4.3-1.el9.x86_64 1/7
Verifying : checkpolicy-3.5-1.el9.x86_64 2/7
Verifying : policycoreutils-python-utils-3.5-2.el9.noarch 3/7
Verifying : python3-audit-3.0.7-104.el9.x86_64 4/7
Verifying : python3-distro-1.5.0-7.el9.noarch 5/7
Verifying : python3-libsemanage-3.5-2.el9.x86_64 6/7
Verifying : python3-policycoreutils-3.5-2.el9.noarch 7/7
Installed products updated.
Installed:
checkpolicy-3.5-1.el9.x86_64
policycoreutils-python-utils-3.5-2.el9.noarch
python3-audit-3.0.7-104.el9.x86_64
python3-distro-1.5.0-7.el9.noarch
python3-libsemanage-3.5-2.el9.x86_64
python3-policycoreutils-3.5-2.el9.noarch
python3-setools-4.4.3-1.el9.x86_64
Complete!
[root@servera ~]# man semanage-fcontext
[root@servera ~]#
[root@servera ~]# semanage fcontext -m -t httpd_sys_content_t "/var/www/html/(/.*)?"
ValueError: File context for /var/www/html/(/.*)? is not defined
[root@servera ~]# semanage fcontext -m -t httpd_sys_content_t "/var/www/html(/.*)?"
ValueError: File context for /var/www/html(/.*)? is not defined
[root@servera ~]# semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
[root@servera ~]# restorecon -Rv /var/www/html/*
Relabeled /var/www/html/1.html from system_u:object_r:public_content_t:s0 to system_u:object_r:httpd_sys_content_t:s0
Relabeled /var/www/html/2.html from system_u:object_r:admin_home_t:s0 to system_u:object_r:httpd_sys_content_t:s0
[root@servera ~]#
[root@servera ~]# ls -Z /var/www/html/
system_u:object_r:httpd_sys_content_t:s0 1.html
system_u:object_r:httpd_sys_content_t:s0 2.html
[root@servera ~]#
[root@servera ~]# vim /etc/httpd/conf/httpd.conf
-bash: vim: command not found
[root@servera ~]# vi /etc/httpd/conf/httpd.conf
[root@servera ~]#
[root@servera ~]#
[root@servera ~]# semanage port -l | grep 8888
[root@servera ~]#
[root@servera ~]# man semanage-port
[root@servera ~]# semanage port -a -t http_port_t -p tcp 8888
[root@servera ~]# semanage port -l | grep 8888
http_port_t tcp 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
[root@servera ~]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@servera ~]#
[root@servera ~]# systemctl status firewalled
Unit firewalled.service could not be found.
[root@servera ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset>
Active: active (running) since Fri 2025-07-11 22:03:05 EDT; 1h 18min ago
Docs: man:firewalld(1)
Main PID: 714 (firewalld)
Tasks: 2 (limit: 12125)
Memory: 42.0M
CPU: 789ms
CGroup: /system.slice/firewalld.service
└─714 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
Jul 11 22:03:04 localhost systemd[1]: Starting firewalld - dynamic firewall dae>
Jul 11 22:03:05 localhost systemd[1]: Started firewalld - dynamic firewall daem>
[root@servera ~]#
[root@servera ~]#
[root@servera ~]# man firewall-cmd
[root@servera ~]# firewall-cmd --permanent --add-port=8888/tcp
success
[root@servera ~]# reload
-bash: reload: command not found
[root@servera ~]# firewall-cmd --reload
success
[root@servera ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp1s0
sources:
services: cockpit dhcpv6-client ssh
ports: 8888/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@servera ~]#
[root@servera ~]# systemctl restart httpd
[root@servera ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@servera ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: di>
Active: active (running) since Fri 2025-07-11 23:25:29 EDT; 58s ago
Docs: man:httpd.service(8)
Main PID: 11423 (httpd)
Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes>
Tasks: 213 (limit: 12125)
Memory: 31.1M
CPU: 112ms
CGroup: /system.slice/httpd.service
├─11423 /usr/sbin/httpd -DFOREGROUND
├─11424 /usr/sbin/httpd -DFOREGROUND
├─11425 /usr/sbin/httpd -DFOREGROUND
├─11426 /usr/sbin/httpd -DFOREGROUND
└─11427 /usr/sbin/httpd -DFOREGROUND
Jul 11 23:25:29 servera.rhel.exam.com systemd[1]: Starting The Apache HTTP Serv>
Jul 11 23:25:29 servera.rhel.exam.com httpd[11423]: Server configured, listenin>
Jul 11 23:25:29 servera.rhel.exam.com systemd[1]: Started The Apache HTTP Serve>
[root@servera ~]#
图1 永久更改
第4题 创建用户账户
# 创建组
[root@servera ~]# groupadd sysmgrs
[root@servera ~]#
[root@servera ~]# useradd -G sysmgrs user01
[root@servera ~]# useradd -G sysmgrs user02
[root@servera ~]# useradd -s /sbin/nologin user03
# 设置密码(passwd --stdin 从标准输入读取密码;这种 echo 写法会把明文密码留在 shell 历史里,仅限练习环境)
[root@servera ~]# echo "HOF1na2dhpuP" | passwd --stdin user01
Changing password for user user01.
passwd: all authentication tokens updated successfully.
[root@servera ~]# echo "HOF1na2dhpuP" | passwd --stdin user02
Changing password for user user02.
passwd: all authentication tokens updated successfully.
[root@servera ~]# echo "HOF1na2dhpuP" | passwd --stdin user03
Changing password for user user03.
passwd: all authentication tokens updated successfully.
# 检查
[root@servera ~]# id user01
uid=1000(user01) gid=1001(user01) groups=1001(user01),1000(sysmgrs)
[root@servera ~]# id user02
uid=1001(user02) gid=1002(user02) groups=1002(user02),1000(sysmgrs)
[root@servera ~]# id user03
uid=1002(user03) gid=1003(user03) groups=1003(user03)
第5题 配置cron作业
# 查看*含义
[kiosk@foundation ~]$ cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
* * * * * root /root/lock.sh
# 配置cron
[root@servera ~]#
[root@servera ~]# /bin/date
Sat Jul 12 12:13:34 AM EDT 2025
[root@servera ~]# crontab -e -u user02
no crontab for user02 - using an empty one
crontab: installing new crontab
[root@servera ~]# crontab -l -u user02
0 5,22 * * * /bin/date > /tmp/cronfile
第6题 创建协作目录
[root@servera ~]# mkdir /home/managers
[root@servera ~]# ls -ld /home/managers
drwxr-xr-x. 2 root root 6 Jul 12 00:29 /home/managers
# 改所属组
[root@servera ~]# chown :sysmgrs /home/managers/
[root@servera ~]# ls -ld /home/managers
drwxr-xr-x. 2 root sysmgrs 6 Jul 12 00:29 /home/managers
# 改权限
[root@servera ~]# chown :sysmgrs /home/managers/
[root@servera ~]# ls -ld /home/managers
drwxr-xr-x. 2 root sysmgrs 6 Jul 12 00:29 /home/managers
[root@servera ~]# chmod g+w,o-rx /home/managers/
[root@servera ~]# ls -ld /home/managers
drwxrwx---. 2 root sysmgrs 6 Jul 12 00:29 /home/managers
# 加特殊权限(第3小问)
[root@servera ~]# chmod g+s /home/managers/
[root@servera ~]# ls -ld /home/managers
drwxrws---. 2 root sysmgrs 6 Jul 12 00:29 /home/managers
# 检查
[root@servera ~]# touch /home/managers/1.txt
[root@servera ~]# ls -l /home/managers
total 0
-rw-r--r--. 1 root sysmgrs 0 Jul 12 00:38 1.txt
[root@servera ~]# rm -rf /home/managers/1.txt #检查完要删掉
第7题 配置NTP
[root@servera ~]# vi /etc/chrony.conf # 图1 配置系统
# 重启服务并设置开机自启动
[root@servera ~]# systemctl restart chronyd.service
[root@servera ~]# systemctl enable chronyd.service
# 查看服务
[root@servera ~]# systemctl status chronyd.service
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enable>
Active: active (running) since Sat 2025-07-12 00:51:16 EDT; 23s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Main PID: 11778 (chronyd)
Tasks: 1 (limit: 12125)
Memory: 888.0K
CPU: 26ms
CGroup: /system.slice/chronyd.service
└─11778 /usr/sbin/chronyd -F 2
Jul 12 00:51:16 servera.rhel.exam.com systemd[1]: Starting NTP client/server...
Jul 12 00:51:16 servera.rhel.exam.com chronyd[11778]: chronyd version 4.3 starting (+>
Jul 12 00:51:16 servera.rhel.exam.com chronyd[11778]: Frequency 0.000 +/- 1000000.000>
Jul 12 00:51:16 servera.rhel.exam.com chronyd[11778]: Using right/UTC timezone to obt>
Jul 12 00:51:16 servera.rhel.exam.com chronyd[11778]: Loaded seccomp filter (level 2)
Jul 12 00:51:16 servera.rhel.exam.com systemd[1]: Started NTP client/server.
# 检查(下面的 ^? 且 Reach 为 0 表示还没有收到该时间源的有效应答,服务刚重启时属正常,稍等后再查一次确认)
[root@servera ~]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? master.rhel.exam.com 0 7 0 - +0ns[ +0ns] +/- 0ns
图1 配置系统
第8题 配置autofs
[root@servera ~]# dnf install autofs -y
[root@servera ~]# dnf install nfs-utils.x86_64
[root@servera ~]# vi /etc/auto.master #图1
[root@servera ~]# vi /etc/auto.misc #图2
# 重启服务,设置开机自启,查看状态
[root@servera ~]# systemctl restart autofs
[root@servera ~]# systemctl enable autofs
Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.
[root@servera ~]# systemctl status autofs
● autofs.service - Automounts filesystems on demand
Loaded: loaded (/usr/lib/systemd/system/autofs.service; enabled; preset: disable>
Active: active (running) since Sat 2025-07-12 01:31:57 EDT; 22s ago
Main PID: 12612 (automount)
Tasks: 7 (limit: 12125)
Memory: 1.9M
CPU: 20ms
CGroup: /system.slice/autofs.service
└─12612 /usr/sbin/automount --systemd-service --dont-check-daemon
Jul 12 01:31:57 servera.rhel.exam.com systemd[1]: Starting Automounts filesystems on >
Jul 12 01:31:57 servera.rhel.exam.com automount[12612]: setautomntent: lookup(sss): s>
Jul 12 01:31:57 servera.rhel.exam.com systemd[1]: Started Automounts filesystems on d>
# 第5小问
[root@servera ~]# useradd -u 4000 -d /remotehome/rhel rhel
useradd: warning: the home directory /remotehome/rhel already exists.
useradd: Not copying any file from skel directory into it.
[root@servera ~]# echo "HOF1na2dhpuP" | passwd --stdin rhel
Changing password for user rhel.
passwd: all authentication tokens updated successfully.
# 检验
[root@servera ~]# ls /remotehome/rhel
ls: cannot open directory '/remotehome/rhel': Permission denied # 该目录是 autofs 挂载的 rhel 用户家目录,root 在这里没有访问权限(多半是 NFS 导出启用了 root_squash,待确认),所以要切换到 rhel 用户查看
[root@servera ~]# su - rhel # 进入rhel里去查询
[rhel@servera ~]$ ls /remotehome/rhel
[rhel@servera ~]$ exit
logout
图一
图2
第9题 设置新用户密码策略
[root@servera ~]# vi /etc/login.defs # 图1
# 检查
[root@servera ~]# cat /etc/login.defs | grep 20
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
PASS_MAX_DAYS 20
SYS_UID_MIN 201
SYS_GID_MIN 201
图1
第10题 创建用于定位文件的脚本
[root@servera ~]# find /usr -size +10M -perm -2000
[root@servera ~]# find /usr -size -10M -perm -2000
/usr/bin/write
/usr/libexec/utempter/utempter
/usr/libexec/openssh/ssh-keysign
[root@servera ~]# ll /usr/bin/write
-rwxr-sr-x. 1 root tty 23800 Aug 24 2023 /usr/bin/write
[root@servera ~]# vi /usr/local/bin/strong # 图1
[root@servera ~]# ll /usr/local/bin/strong #查看执行权限
。。。。。。
[root@servera ~]# chmod a+x /usr/local/bin/strong #添加权限
[root@servera ~]# /usr/local/bin/strong
[root@servera ~]#
[root@servera ~]# cat /root/strongfile
/usr/bin/write
/usr/libexec/utempter/utempter
/usr/libexec/openssh/ssh-keysign
图1
第11题 调整逻辑卷大小
[root@servera ~]# lvs # 查看逻辑卷,所属卷组
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root rhel -wi-ao---- 16.41g
swap rhel -wi-ao---- 2.00g
data vg1 -wi-a----- 52.00m
[root@servera ~]# vgs # 查看卷组空间是否够扩容
VG #PV #LV #SN Attr VSize VFree
rhel 1 2 0 wz--n- 18.41g 0
vg1 1 1 0 wz--n- 1020.00m 968.00m
[root@servera ~]# lvresize -r -L 230M /dev/vg1/data
Rounding size to boundary between physical extents: 232.00 MiB.
Size of logical volume vg1/data changed from 52.00 MiB (13 extents) to 232.00 MiB (58 extents).
File system ext4 found on vg1/data.
File system fsck will be run before extend.
Extending file system ext4 to 232.00 MiB (243269632 bytes) on vg1/data...
e2fsck /dev/vg1/data
/dev/vg1/data: 11/13328 files (0.0% non-contiguous), 8489/53248 blocks
e2fsck done
resize2fs /dev/vg1/data
resize2fs 1.46.5 (30-Dec-2021)
Resizing the filesystem on /dev/vg1/data to 237568 (1k) blocks.
The filesystem on /dev/vg1/data is now 237568 (1k) blocks long.
resize2fs done
Extended file system ext4 on vg1/data.
Logical volume vg1/data successfully resized.
[root@servera ~]# lsblk # 查看
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
└─vdb1 252:17 0 1G 0 part
└─vg1-data 253:2 0 232M 0 lvm
vdc 252:32 0 10G 0 disk
第12题 添加交换分区
[root@servera ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
└─vdb1 252:17 0 1G 0 part
└─vg1-data 253:2 0 232M 0 lvm
vdc 252:32 0 10G 0 disk
[root@servera ~]# gdisk vdb # 创建
GPT fdisk (gdisk) version 1.0.7
Problem opening vdb for reading! Error is 2.
The specified file does not exist!
[root@servera ~]# gdisk /dev/vdb
GPT fdisk (gdisk) version 1.0.7
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): ?
b back up GPT data to a file
c change a partition's name
d delete a partition
i show detailed information on a partition
l list known partition types
n add a new partition
o create a new empty GUID partition table (GPT)
p print the partition table
q quit without saving changes
r recovery and transformation options (experts only)
s sort partitions
t change a partition's type code
v verify disk
w write table to disk and exit
x extra functionality (experts only)
? print this menu
### n 添加分区
### p 打印分区表信息
### d 删除分区
### w 保存并退出
### q 直接退出不保存
Command (? for help): n
Partition number (2-128, default 2):
First sector (34-10485726, default = 2099200) or {+-}size{KMGTP}:
Last sector (2099200-10485726, default = 10485726) or {+-}size{KMGTP}: +756M
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300):
Changed type of partition to 'Linux filesystem'
Command (? for help): p
Disk /dev/vdb: 10485760 sectors, 5.0 GiB
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): CBF82E3F-6EAD-4A28-BA5C-8EB3A9F7E5B8
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 10485726
Partitions will be aligned on 2048-sector boundaries
Total free space is 6840253 sectors (3.3 GiB)
Number Start (sector) End (sector) Size Code Name
1 2048 2099199 1024.0 MiB 8300 part1
2 2099200 3647487 756.0 MiB 8300 Linux filesystem
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/vdb.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
[root@servera ~]# lsblk # 不刷新查看不到
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
└─vdb1 252:17 0 1G 0 part
└─vg1-data 253:2 0 232M 0 lvm
vdc 252:32 0 10G 0 disk
[root@servera ~]# partprobe # 更新
[root@servera ~]# lsblk # 查看
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
├─vdb1 252:17 0 1G 0 part
│ └─vg1-data 253:2 0 232M 0 lvm
└─vdb2 252:18 0 756M 0 part
vdc 252:32 0 10G 0 disk
[root@servera ~]# mkswap /dev/vdb2 # 格式化
Setting up swapspace version 1, size = 756 MiB (792719360 bytes)
no label, UUID=90d0cc9b-acf7-44a2-bc90-8d5a5467103f
[root@servera ~]# blkid /dev/vdb2 #查看
/dev/vdb2: UUID="90d0cc9b-acf7-44a2-bc90-8d5a5467103f" TYPE="swap" PARTLABEL="Linux filesystem" PARTUUID="391f7cdf-a0be-4488-93ba-cc75e2d071b2"
[root@servera ~]#
[root@servera ~]# vi /etc/fstab # 图1
[root@servera ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
├─vdb1 252:17 0 1G 0 part
│ └─vg1-data 253:2 0 232M 0 lvm
└─vdb2 252:18 0 756M 0 part
vdc 252:32 0 10G 0 disk
[root@servera ~]# swapon /dev/vdb2
[root@servera ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
├─vdb1 252:17 0 1G 0 part
│ └─vg1-data 253:2 0 232M 0 lvm
└─vdb2 252:18 0 756M 0 part [SWAP]
vdc 252:32 0 10G 0 disk
[root@servera ~]#
图1
第13题 创建逻辑卷
# 估算大小16*56=896,不到1G的空间
# 创建1G分区
[root@servera ~]# gdisk /dev/vgb
GPT fdisk (gdisk) version 1.0.7
Problem opening /dev/vgb for reading! Error is 2.
The specified file does not exist!
[root@servera ~]# gdisk /dev/vdb
GPT fdisk (gdisk) version 1.0.7
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): n
Partition number (3-128, default 3):
First sector (34-10485726, default = 3647488) or {+-}size{KMGTP}:
Last sector (3647488-10485726, default = 10485726) or {+-}size{KMGTP}: +1G
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300):
Changed type of partition to 'Linux filesystem'
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/vdb.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
# 刷新,查看
[root@servera ~]# partprobe
[root@servera ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
├─vdb1 252:17 0 1G 0 part
│ └─vg1-data 253:2 0 232M 0 lvm
├─vdb2 252:18 0 756M 0 part [SWAP]
└─vdb3 252:19 0 1G 0 part
vdc 252:32 0 10G 0 disk
[root@servera ~]#
# 分区转化为pv,物理卷
[root@servera ~]# pvcreate /dev/vdb3
Physical volume "/dev/vdb3" successfully created.
Not creating system devices file due to existing VGs.
#pv整合成vg,卷组(不需要加单位,默认MiB)
[root@servera ~]# vgcreate -s 16 qagroup /dev/vdb3
Not creating system devices file due to existing VGs.
Volume group "qagroup" successfully created
# 划分逻辑卷 -l PE的数量
[root@servera ~]# lvcreate -l 56 -n qa qagroup
Logical volume "qa" created.
[root@servera ~]# lvdisplay qagroup # 检查
--- Logical volume ---
LV Path /dev/qagroup/qa
LV Name qa
VG Name qagroup
LV UUID quNBaV-g4gL-AdId-hzg2-zK17-Zono-7ofdhl
LV Write Access read/write
LV Creation host, time servera.rhel.exam.com, 2025-07-12 21:41:34 -0400
LV Status available
# open 0
LV Size 896.00 MiB
Current LE 56
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:3
[root@servera ~]# mkfs.ext4 /dev/mapper/qagroup-qa # 格式化为 ext4
mke2fs 1.46.5 (30-Dec-2021)
Discarding device blocks: done
Creating filesystem with 229376 4k blocks and 57344 inodes
Filesystem UUID: 4a192762-ec0c-4af7-ab80-755f0f251415
Superblock backups stored on blocks:
32768, 98304, 163840
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
[root@servera ~]# blkid /dev/qagroup/qa # 查看
/dev/qagroup/qa: UUID="4a192762-ec0c-4af7-ab80-755f0f251415" TYPE="ext4"
[root@servera ~]# mkdir /mnt/qa # 创建挂载点
[root@servera ~]# vi /etc/fstab # 图1
[root@servera ~]# mount -a # 检查
mount: (hint) your fstab has been modified, but systemd still uses
the old version; use 'systemctl daemon-reload' to reload.
[root@servera ~]# systemctl daemon-reload
[root@servera ~]# lsblk # 查看
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 20G 0 disk
├─vda1 252:1 0 600M 0 part /boot/efi
├─vda2 252:2 0 1G 0 part /boot
└─vda3 252:3 0 18.4G 0 part
├─rhel-root 253:0 0 16.4G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
vdb 252:16 0 5G 0 disk
├─vdb1 252:17 0 1G 0 part
│ └─vg1-data 253:2 0 232M 0 lvm
├─vdb2 252:18 0 756M 0 part [SWAP]
└─vdb3 252:19 0 1G 0 part
└─qagroup-qa 253:3 0 896M 0 lvm /mnt/qa
vdc 252:32 0 10G 0 disk
图1
在serverb.rhel.exam.com上执行以下任务
第1题 设置root密码
如出现以上问题,说明服务器开启有问题,可重启一下serverb
第2题 配置sudo
[root@serverb ~]# useradd admin
[root@serverb ~]# echo "HOF1na2dhpuP" | passwd --stdin admin
Changing password for user admin.
passwd: all authentication tokens updated successfully.
[root@serverb ~]# vi /etc/sudoers # 建议改用 visudo 编辑,保存时会做语法检查,避免写坏 sudoers 后无法提权
[root@serverb ~]# sudo useradd user01
[root@serverb ~]# sudo userdel -r user01
[root@serverb ~]# su - admin
[admin@serverb ~]$ exit
logout
[root@serverb ~]#
第3题 查找字符串
[root@serverb ~]# grep "debug" /usr/share/doc/openssh/ChangeLog
[root@serverb ~]# grep "debug" /usr/share/doc/openssh/ChangeLog > /root/list
[root@serverb ~]# cat /root/list
第4题 创建存档
[root@serverb ~]# vim /etc/yum.repos.d/local.repo
-bash: vim: command not found
[root@serverb ~]# vi /etc/yum.repos.d/local.repo
[root@serverb ~]# cat /etc/yum.repos.d/local.repo
[baseos]
name=baseos
baseurl=http://master.rhel.exam.com/rhel9/repos/BaseOS/
enabled=1
gpgcheck=0
[APP]
name=appstream
baseurl=http://master.rhel.exam.com/rhel9/repos/AppStream/
enabled=1
gpgcheck=0
[root@serverb ~]# dnf install vim
。。。。。。
Complete!
# 安装bzip2
[root@serverb ~]# dnf install bzip2
。。。。。。
Complete!
# 压缩
[root@serverb ~]# tar --bzip2 -cvf /root/backup.tar.bz2 /usr/share/doc
tar: Removing leading `/' from member names
/usr/share/doc/
。。。。。
[root@serverb ~]# file backup.tar.bz2
backup.tar.bz2: bzip2 compressed data, block size = 900k
[root@serverb ~]#
第5题 配置系统调优
[root@serverb ~]# tuned-adm --help
-bash: tuned-adm: command not found
[root@serverb ~]# dnf install tuned
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:03:11 ago on Sun 13 Jul 2025 12:06:46 AM EDT.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
tuned noarch 2.21.0-1.el9_3 baseos 399 k
Installing dependencies:
hdparm x86_64 9.62-2.el9 baseos 99 k
libtraceevent x86_64 1.5.3-3.el9 baseos 255 k
python3-linux-procfs noarch 0.7.1-1.el9 baseos 42 k
python3-perf x86_64 5.14.0-362.8.1.el9_3 baseos 5.2 M
python3-pyudev noarch 0.22.0-6.el9 baseos 94 k
Transaction Summary
================================================================================
Install 6 Packages
Total download size: 6.0 M
Installed size: 3.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): hdparm-9.62-2.el9.x86_64.rpm 5.5 MB/s | 99 kB 00:00
(2/6): python3-linux-procfs-0.7.1-1.el9.noarch. 2.1 MB/s | 42 kB 00:00
(3/6): libtraceevent-1.5.3-3.el9.x86_64.rpm 10 MB/s | 255 kB 00:00
(4/6): python3-pyudev-0.22.0-6.el9.noarch.rpm 15 MB/s | 94 kB 00:00
(5/6): tuned-2.21.0-1.el9_3.noarch.rpm 42 MB/s | 399 kB 00:00
(6/6): python3-perf-5.14.0-362.8.1.el9_3.x86_64 125 MB/s | 5.2 MB 00:00
--------------------------------------------------------------------------------
Total 97 MB/s | 6.0 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-pyudev-0.22.0-6.el9.noarch 1/6
Installing : python3-linux-procfs-0.7.1-1.el9.noarch 2/6
Installing : libtraceevent-1.5.3-3.el9.x86_64 3/6
Installing : python3-perf-5.14.0-362.8.1.el9_3.x86_64 4/6
Installing : hdparm-9.62-2.el9.x86_64 5/6
Installing : tuned-2.21.0-1.el9_3.noarch 6/6
Running scriptlet: tuned-2.21.0-1.el9_3.noarch 6/6
Created symlink /etc/systemd/system/multi-user.target.wants/tuned.service → /usr/lib/systemd/system/tuned.service.
Verifying : hdparm-9.62-2.el9.x86_64 1/6
Verifying : libtraceevent-1.5.3-3.el9.x86_64 2/6
Verifying : python3-linux-procfs-0.7.1-1.el9.noarch 3/6
Verifying : python3-perf-5.14.0-362.8.1.el9_3.x86_64 4/6
Verifying : python3-pyudev-0.22.0-6.el9.noarch 5/6
Verifying : tuned-2.21.0-1.el9_3.noarch 6/6
Installed products updated.
Installed:
hdparm-9.62-2.el9.x86_64
libtraceevent-1.5.3-3.el9.x86_64
python3-linux-procfs-0.7.1-1.el9.noarch
python3-perf-5.14.0-362.8.1.el9_3.x86_64
python3-pyudev-0.22.0-6.el9.noarch
tuned-2.21.0-1.el9_3.noarch
Complete!
[root@serverb ~]# tuned-adm --help
usage: tuned-adm [-h] [--version] [--debug] [--async] [--timeout TIMEOUT]
[--loglevel LOGLEVEL]
{list,active,off,profile,profile_info,recommend,verify,auto_profile,profile_mode}
...
Manage tuned daemon.
positional arguments:
{list,active,off,profile,profile_info,recommend,verify,auto_profile,profile_mode}
list list available profiles or plugins (by default
profiles)
active show active profile
off switch off all tunings
profile switch to a given profile, or list available profiles
if no profile is given
profile_info show information/description of given profile or
current profile if no profile is specified
recommend recommend profile
verify verify profile
auto_profile enable automatic profile selection mode, switch to the
recommended profile
profile_mode show current profile selection mode
optional arguments:
-h, --help show this help message and exit
--version, -v show program's version number and exit
--debug, -d show debug messages
--async, -a with dbus do not wait on commands completion and
return immediately
--timeout TIMEOUT, -t TIMEOUT
with sync operation use specific timeout instead of
the default 600 second(s)
--loglevel LOGLEVEL, -l LOGLEVEL
level of log messages to capture (one of debug, info,
warn, error, console, none). Default: console
[root@serverb ~]#
[root@serverb ~]# tuned-adm active
Cannot talk to TuneD daemon via DBus. Is TuneD daemon running?
No current active profile.
[root@serverb ~]# tuned-adm recommend
Cannot talk to TuneD daemon via DBus. Is TuneD daemon running?
virtual-guest
[root@serverb ~]# tuned-adm profile virtual-guest
Cannot talk to TuneD daemon via DBus. Is TuneD daemon running?
Trying to (re)start tuned...
TuneD (re)started, changes applied.
[root@serverb ~]# tuned-adm profile virtual-guest
[root@serverb ~]# tuned-adm active
Current active profile: virtual-guest
[root@serverb ~]# systemctl status tuned
● tuned.service - Dynamic System Tuning Daemon
Loaded: loaded (/usr/lib/systemd/system/tuned.service; enabled; preset: en>
Active: active (running) since Sun 2025-07-13 00:11:59 EDT; 1min 58s ago
Docs: man:tuned(8)
man:tuned.conf(5)
man:tuned-adm(8)
Main PID: 12326 (tuned)
Tasks: 4 (limit: 12125)
Memory: 13.5M
CPU: 137ms
CGroup: /system.slice/tuned.service
└─12326 /usr/bin/python3 -Es /usr/sbin/tuned -l -P
Jul 13 00:11:59 serverb.rhel.exam.com systemd[1]: Starting Dynamic System Tunin>
Jul 13 00:11:59 serverb.rhel.exam.com systemd[1]: Started Dynamic System Tuning>
第6、7题 配置容器
[root@serverb ~]# useradd containers
[root@serverb ~]# echo "HOF1na2dhpuP" | passwd --stdin containers # 注意:这样写会把明文密码记入shell历史记录
Changing password for user containers.
passwd: all authentication tokens updated successfully.
[root@serverb ~]#
[root@serverb ~]# vim /etc/systemd/journald.conf
[root@serverb ~]#
# 手动创建 /var/log/journal 目录(journald 持久化日志的存放位置)
[root@serverb ~]# mkdir /var/log/journal
[root@serverb ~]#
[root@serverb ~]# systemctl restart systemd-journald.service
[root@serverb ~]#
[root@serverb ~]# ls /var/log/journal
[root@serverb ~]# reboot
Connection to serverb closed by remote host.
Connection to serverb closed.
[kiosk@foundation ~]$ ssh root@serverb
root@serverb's password:
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Jul 12 23:35:31 2025 from 172.25.250.1
[root@serverb ~]# ls /var/log/journal
43049130057604eadd22e0970de2306a
[root@serverb ~]#
# 第7题 第2小问
[root@serverb ~]# find /var/log/journal -name "*.journal"
/var/log/journal/43049130057604eadd22e0970de2306a/system.journal
[root@serverb ~]#
[root@serverb ~]# find /var/log/journal -name "*.journal" -exec cp -a /home/containers/container_journal^C
[root@serverb ~]# mkdir /home/containers/container_journal
[root@serverb ~]# find /var/log/journal -name "*.journal" -exec cp -a {} /home/containers/container_journal\;
find: missing argument to `-exec'
[root@serverb ~]# find /var/log/journal -name "*.journal" -exec cp -a {} /home/containers/container_journal \; # 目标路径与 \; 之间必须有空格,否则 \; 会并入路径,find 报 missing argument to `-exec'
[root@serverb ~]# ls /home/containers/container_journal
system.journal
# 修改属主和属组:cp -a 保留了原来的 root:systemd-journal,需改成 containers
[root@serverb ~]# ll /home/containers
total 0
drwxr-xr-x. 2 root root 28 Jul 13 02:46 container_journal
[root@serverb ~]# ll /home/containers/container_journal/
total 4368
-rw-r-----+ 1 root systemd-journal 8388608 Jul 13 02:44 system.journal
[root@serverb ~]# chown -R containers:containers /home/containers/
[root@serverb ~]# ll /home/containers
total 0
drwxr-xr-x. 2 containers containers 28 Jul 13 02:46 container_journal
[root@serverb ~]# ll /home/containers/container_journal/
total 4368
-rw-r-----+ 1 containers containers 8388608 Jul 13 02:44 system.journal
[root@serverb ~]#
# 查看是否有podman
[root@serverb ~]# podman --version
-bash: podman: command not found
[root@serverb ~]# dnf install podman container-tools -y # 安装podman和container-tools
。。。。。。
[root@serverb ~]# vim /etc/containers/registries.conf #图1、2、3、4
# 用ssh登录到containers用户(不用su切换:su通常得不到完整的用户会话,后面的 systemctl --user 会无法使用)
[root@serverb ~]# ssh containers@localhost
The authenticity of host 'localhost (::1)' can't be established.
ED25519 key fingerprint is SHA256:mAbYU8vGRoTKVjWavZxZTIp9wSYV7CG1EoTKw5R1Q/g.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ED25519) to the list of known hosts.
containers@localhost's password:
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
[containers@serverb ~]$
[containers@serverb ~]$ loginctl enable-linger # 开启linger:该用户未登录时,其systemd用户服务也能随开机启动
[containers@serverb ~]$ loginctl show-user containers
UID=4002
GID=4002
Name=containers
Timestamp=Sun 2025-07-13 03:03:15 EDT
TimestampMonotonic=1481322336
RuntimePath=/run/user/4002
Service=user@4002.service
Slice=user-4002.slice
Display=3
State=active
Sessions=3
IdleHint=no
IdleSinceHint=1752390340219118
IdleSinceHintMonotonic=1626403665
Linger=yes
# 登录镜像仓库(registry)
[containers@serverb ~]$ podman login registry.rhel.exam.com
Username: felix
Password:
Login Succeeded!
[containers@serverb ~]$
# 查找镜像
[containers@serverb ~]$ podman search registry.rhel.exam.com/
NAME DESCRIPTION
registry.rhel.exam.com/rhel9/python-311
registry.rhel.exam.com/rhel9/mariadb-105
registry.rhel.exam.com/rhel9/rsyslog # 本题使用这个镜像
registry.rhel.exam.com/ansible-automation-platform-22/ee-supported-rhel8
registry.rhel.exam.com/ubi9/ubi
[containers@serverb ~]$ podman run -d --name logserver -v /home/containers/container_journal:/var/log/journal:z registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26
# -v 宿主机目录:容器内目录;末尾的 :z 让podman给宿主机目录重新打上SELinux标签,容器才能访问该目录
Trying to pull registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26...
Getting image source signatures
Copying blob 13a4ffcbf3ae done
Copying blob 8057a0e1716f done
Copying config a0901f8777 done
Writing manifest to image destination
e8f990fbb6c9b8b4b7384522ab91f3e79f65d39a35b8231d114539e30aef1897
# 查看
[containers@serverb ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8f990fbb6c9 registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26 /bin/rsyslog.sh 38 seconds ago Up 38 seconds logserver
[containers@serverb ~]$ podman images #查看镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.rhel.exam.com/rhel9/rsyslog 9.0.0-26 a0901f8777da 2 years ago 240 MB
[containers@serverb ~]$
# 把容器配置成systemd用户服务
[containers@serverb ~]$ mkdir -p ~/.config/systemd/user #固定路径
[containers@serverb ~]$ cd ~/.config/systemd/user
[containers@serverb user]$ pwd
/home/containers/.config/systemd/user
[containers@serverb user]$
[containers@serverb user]$ podman generate systemd -n logserver --files # --files 会把unit文件生成在当前目录,所以必须先进入 ~/.config/systemd/user 再执行,把容器打包成服务
/home/containers/.config/systemd/user/container-logserver.service
# 先确认容器正在运行,再停掉用podman命令启动的容器,改由systemctl --user服务来启动,并设置开机自启动
[containers@serverb user]$ podman ps # 查看正在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8f990fbb6c9 registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26 /bin/rsyslog.sh 12 minutes ago Up 12 minutes logserver
[containers@serverb user]$ podman stop logserver #关闭
logserver
[containers@serverb user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[containers@serverb user]$ systemctl --user start container-logserver.service
[containers@serverb user]$ systemctl --user enable container-logserver.service
Created symlink /home/containers/.config/systemd/user/default.target.wants/container-logserver.service → /home/containers/.config/systemd/user/container-logserver.service.
[containers@serverb user]$
# 查看正在运行的容器
[containers@serverb user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8f990fbb6c9 registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26 /bin/rsyslog.sh 17 minutes ago Up 3 minutes logserver
图1
图2
图3
图4
第8题 构建容器镜像
[containers@serverb user]$ cd
[containers@serverb ~]$ pwd
/home/containers
[containers@serverb ~]$ wget http://master.rhel.exam.com/contents/buildimages.tar.gz
-bash: wget: command not found # 没有wget
# 安装wget,要在root下安装,新开一个终端进行安装
[kiosk@foundation ~]$ ssh root@serverb
root@serverb's password:
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sun Jul 13 02:39:01 2025 from 172.25.250.1
[root@serverb ~]# dnf install wget
。。。。。。
# 继续在containers下操作
[containers@serverb ~]$ wget http://master.rhel.exam.com/contents/buildimages.tar.gz
--2025-07-13 03:43:34-- http://master.rhel.exam.com/contents/buildimages.tar.gz
Resolving master.rhel.exam.com (master.rhel.exam.com)... 172.25.250.1
Connecting to master.rhel.exam.com (master.rhel.exam.com)|172.25.250.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 244 [application/octet-stream]
Saving to: ‘buildimages.tar.gz’
buildimages.tar.g 100%[=============>] 244 --.-KB/s in 0s
2025-07-13 03:43:34 (55.7 MB/s) - ‘buildimages.tar.gz’ saved [244/244]
[containers@serverb ~]$ ls
buildimages.tar.gz container_journal
# 第2小问:解压buildimages.tar.gz,并通过里面的Containerfile文件构建一个名为mybuild:latest的容器镜像
[containers@serverb ~]$ tar -xvf buildimages.tar.gz #解压;该包通过明文HTTP下载且未做校验,构建前先查看其中的Containerfile
buildimages/
buildimages/Containerfile
[containers@serverb ~]$ cat buildimages/Containerfile
FROM registry.rhel.exam.com/ubi9/ubi:9.0.0-1703
CMD ["/bin/bash", "-c", "sleep infinity"]
[containers@serverb ~]$ cd buildimages
[containers@serverb buildimages]$ ls
Containerfile
[containers@serverb buildimages]$ pwd
/home/containers/buildimages
# 创建容器镜像
[containers@serverb buildimages]$ podman build -t mybuild:latest . # 末尾的 . 表示以当前目录为构建上下文,使用其中的Containerfile
STEP 1/2: FROM registry.rhel.exam.com/ubi9/ubi:9.0.0-1703
Trying to pull registry.rhel.exam.com/ubi9/ubi:9.0.0-1703...
Getting image source signatures
Copying blob 13a4ffcbf3ae skipped: already exists
Copying config 75f9d700cc done
Writing manifest to image destination
STEP 2/2: CMD ["/bin/bash", "-c", "sleep infinity"]
COMMIT mybuild:latest
--> c4a3023b3125
Successfully tagged localhost/mybuild:latest
c4a3023b31254db67952b4927a77a5b946525d62aaf21795ba5ada84129f5106
# 查看镜像
[containers@serverb buildimages]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/mybuild latest c4a3023b3125 24 seconds ago 219 MB
registry.rhel.exam.com/rhel9/rsyslog 9.0.0-26 a0901f8777da 2 years ago 240 MB
registry.rhel.exam.com/ubi9/ubi 9.0.0-1703 75f9d700cce5 2 years ago 219 MB
[containers@serverb buildimages]$
# 第3小问:创建一个名为custom的容器网络,使用10.128.0.0/16作为子网范围,10.128.0.1作为网关地址
[containers@serverb buildimages]$ cd
[containers@serverb ~]$ podman network create --gateway 10.128.0.1 --subnet 10.128.0.0/16 # 忘了指定网络名称,默认生成的网络名为podman1
podman1
[containers@serverb ~]$ podman inspect custom
[]
Error: no such object: "custom"
[containers@serverb ~]$ podman network --help # 查找命令
Manage networks
Description:
Manage networks
Usage:
podman network [command]
Available Commands:
connect Add container to a network
create Create networks for containers and pods
disconnect Disconnect a container from a network
exists Check if network exists
inspect Inspect network
ls List networks
prune Prune unused networks
reload Reload firewall rules for one or more containers
rm Remove networks # 删除网络
update Update an existing podman network
[containers@serverb ~]$ podman network rm podman1 # 删除网络
podman1
[containers@serverb ~]$ podman network create --gateway 10.128.0.1 --subnet 10.128.0.0/16 custom # 重新创建
custom
[containers@serverb ~]$ podman inspect custom # 查看
[
{
"name": "custom",
"id": "c39973260fa37673f2f23387f1febb5d6941640afc74bb0819ef8c88216dad9b",
"driver": "bridge",
"network_interface": "podman1",
"created": "2025-07-13T04:10:10.268997454-04:00",
"subnets": [
{
"subnet": "10.128.0.0/16",
"gateway": "10.128.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}
]
# 第4问:创建一个名为mycontainer的容器,基于之前操作创建的容器镜像,以分离方式运行并使用custom的容器网络,并确保此容器能够开机自启
[containers@serverb ~]$ podman run -d --name mycontainer --network custom localhost/mybuild:latest sleep infinity # -d 以分离(后台)方式运行
ec78ab31a7ae4683d633e376e1f9b5f8dd66484f01b8d8e67719f353c54c8c0b
[containers@serverb ~]$ podman ps # 查看在运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8f990fbb6c9 registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26 /bin/rsyslog.sh 51 minutes ago Up 37 minutes logserver
ec78ab31a7ae localhost/mybuild:latest sleep infinity 2 minutes ago Up 2 minutes mycontainer
[containers@serverb ~]$ cd ~/.config/systemd/user # 配置成服务方式
[containers@serverb user]$ podman generate systemd -n mycontainer --files
/home/containers/.config/systemd/user/container-mycontainer.service
[containers@serverb user]$ podman stop mycontainer # 停止用podman命令启动的容器;下面的WARN应该是因为容器内作为PID 1的sleep不响应SIGTERM,10秒后改用SIGKILL
WARN[0010] StopSignal SIGTERM failed to stop container mycontainer in 10 seconds, resorting to SIGKILL
mycontainer
[containers@serverb user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8f990fbb6c9 registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26 /bin/rsyslog.sh 54 minutes ago Up 40 minutes logserver
# 以服务方式开启命令,并设置开机自启动
[containers@serverb user]$ systemctl --user start container-mycontainer.service
[containers@serverb user]$ systemctl --user enable container-mycontainer.service
Created symlink /home/containers/.config/systemd/user/default.target.wants/container-mycontainer.service → /home/containers/.config/systemd/user/container-mycontainer.service.
[containers@serverb user]$ podman ps # 查看
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8f990fbb6c9 registry.rhel.exam.com/rhel9/rsyslog:9.0.0-26 /bin/rsyslog.sh 55 minutes ago Up 41 minutes logserver
ec78ab31a7ae localhost/mybuild:latest sleep infinity 5 minutes ago Up 21 seconds mycontainer