RedHat Red Hat Certified System Administrator - RHCSA (EX200 Japanese Version) - EX200 Japanese Free Practice Dump Questions
Configure NTP
Configure the system to synchronize with the NTP server at materials.example.com (note: materials.example.com is an alias for classroom.example.com).
Answer:
Solution:
# Install the chrony package, which is used to configure the NTP server
[root@node1 ~]# yum -y install chrony
[root@node1 ~]# vim /etc/chrony.conf
# Add the following line to /etc/chrony.conf
server materials.example.com iburst
[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl enable chronyd
# Check
# Set an arbitrary time
[root@node1 ~]# date -s "1982-1-1"
Fri Jan 1 12:00:00 AM EST 1982
# Restart the chronyd service
[root@node1 ~]# systemctl restart chronyd
# Check whether the time is synchronized
# Wait 3-5 seconds before checking; the clock will not have synchronized if you check too soon
[root@node1 ~]# date
Tue Dec 12 11:40:19 PM EST 2023
# Use the chronyc command to check synchronization status
[root@node1 ~]# chronyc sources -v
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* classroom.lab.example.com     8   6    17    42    -14us[  -11us] +/-  463us
Set ACL permissions for user john on /share/dev.
Answer:
See the solution below in Explanation.
Explanation:
Solution:
* Read-only access:
setfacl -m u:john:r-- /share/dev
* Read-write access:
setfacl -m u:john:rw- /share/dev
* Remove ACL permissions:
setfacl -m u:john:--- /share/dev
Detailed Explanation:
* setfacl -m modifies the ACL.
* u:john:r-- grants read only.
* u:john:rw- grants read and write.
* u:john:--- effectively removes access for that ACL entry.
* ACLs are used when standard owner/group/other permissions are not enough.
Configure access to the HTTP service on non-standard port 82 and allow it through SELinux and firewalld.
Answer:
See the solution below in Explanation.
Explanation:
Solution:
* Open the firewall port and HTTP service:
firewall-cmd --permanent --add-port=82/tcp
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
* Add SELinux port labeling:
semanage port -a -t http_port_t -p tcp 82
Detailed Explanation:
* firewall-cmd --permanent makes the change persistent.
* --add-port=82/tcp opens the custom TCP port.
* --add-service=http keeps standard HTTP allowed too.
* SELinux blocks services on unexpected ports unless the port is labeled correctly.
* http_port_t tells SELinux that port 82 is valid for web services.
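Debug SELinux
A web server running on non-standard port 82 has run into problems while serving content. Debug and resolve the problem so that the following conditions are met.
- The web server on the system can serve the HTML files hosted in /var/www/html (note: do not delete or modify the contents of the existing files).
- The web server can serve content on port 82.
- The web server starts automatically at system boot.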
Answer:
Solution:
# Check which package provides the semanage command
[root@node1 ~]# yum provides "*/semanage"
# Install the semanage command
[root@node1 ~]# yum -y install policycoreutils-python-utils
[root@node1 ~]# semanage port -l |grep http
[root@node1 ~]# semanage port -a -t http_port_t -p tcp 82
# Alternatively, you can use man semanage port, then search for EXAMPLE.
[root@node1 ~]# systemctl restart httpd
[root@node1 ~]# systemctl enable httpd
# Verify: if the page's HTML source is returned, the configuration is correct (mandatory step)
[root@node1 ~]# curl http://node1.domain250.example.com:82
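A check for the port labeling used in this answer and in the earlier firewalld/SELinux port 82 answer, added here as an example and not part of the original page: it reads semanage port -l output and reports which SELinux type covers a port, including ports that fall inside a range. The sample listing and the function names port_types and httpd_may_bind are constructed for illustration; the sample shows the state before port 82 has been labeled.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
vnc_port_t                     tcp      5900-5983, 5985-5999'

# port_types PROTO PORT
# Reads `semanage port -l` text on stdin and prints every SELinux port type
# whose port list covers PORT for PROTO, expanding "low-high" ranges.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            list = $0
            # Drop the type and protocol columns, keeping only the port list.
            sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", list)
            n = split(list, items, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                lo = hi = items[i]
                if (split(items[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print $1; break }
            }
        }'
}

# httpd_may_bind PROTO PORT
# Succeeds only when PORT is labeled http_port_t in the listing on stdin.
httpd_may_bind() {
    port_types "$1" "$2" | grep -qx 'http_port_t'
}
```

On a live host, pipe the real listing in: semanage port -l | httpd_may_bind tcp 82. A non-zero exit status means the label from semanage port -a is still missing.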
Configure the NFS export /srv/nfs/projects so that clients in 192.168.50.0/24 can mount it read-write.
Answer:
See the solution below in Explanation.
Explanation:
Solution:
dnf install -y nfs-utils
mkdir -p /srv/nfs/projects
echo "/srv/nfs/projects 192.168.50.0/24(rw,sync)" >> /etc/exports
exportfs -rav
systemctl enable --now nfs-server
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
exportfs -s
Detailed Explanation:
* nfs-utils provides the NFS server tools.
* /etc/exports defines the exported directory and allowed client network.
* exportfs -rav reloads exports.
* nfs-server must be enabled and started.
* If a firewall is enabled, the NFS service must be allowed.
* RHEL 10 network file services documentation covers NFS server configuration (Red Hat Documentation).
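An audit of /etc/exports entries like the one written above, added here as an example and not part of the original page. It goes beyond the single line in the answer to flag three exports(5) pitfalls: an option list separated from its client by a space (which then applies to every host), a wildcard client, and no_root_squash. The sample file content and the function name audit_exports are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample /etc/exports content (not taken from a real host).
# Line 1 is the entry from the answer; lines 2-4 are deliberately risky.
SAMPLE_EXPORTS='/srv/nfs/projects 192.168.50.0/24(rw,sync)
/srv/nfs/scratch 192.168.50.0/24 (rw,sync)
/srv/nfs/public *(ro,sync)
/srv/nfs/admin 192.168.50.10(rw,sync,no_root_squash)'

# audit_exports
# Reads exports(5) text on stdin and prints one "path: finding" line for
# each risky client specification. Prints nothing for a clean file.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                # A field that starts with "(" is an option list with no
                # client in front of it, so it matches every host.
                if ($i ~ /^\(/) {
                    print path ": options " $i " apply to every host (space before the parenthesis)"
                    continue
                }
                client = $i
                sub(/\(.*/, "", client)    # strip the option list
                if (client == "*")
                    print path ": exported to every host"
                if ($i ~ /[(,]no_root_squash[,)]/)
                    print path ": no_root_squash granted to " client
            }
        }'
}
```

On a live server, run audit_exports < /etc/exports before exportfs -rav.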
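Configure a container as a service
As user "wallah", configure a systemd service for a container.
- Container name: ascii2pdf
- Use the previously created image named pdf.
- Service name: container-ascii2pdf
- The service starts automatically at system reboot without manual intervention.
- Configure the service so that, on startup, it automatically mounts /opt/file to /dir1 and /opt/progress to /dir2 in the container.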
Answer:
Solution:
# Note: Perform the following operations by SSHing into localhost as the user "wallah"
[root@node1 ~]# ssh wallah@localhost
# Prepare the relevant mapping directories
[wallah@node1 ~]$ sudo mkdir /opt/{file,progress}
[wallah@node1 ~]$ sudo chown wallah:wallah /opt/{file,progress}
# Start the container and map directories
# :Z changes the SELinux security context of the directory to allow container access.
[wallah@node1 ~]$ podman run -d --name ascii2pdf -v /opt/file:/dir1:Z -v /opt/progress:/dir2:Z pdf
[wallah@node1 ~]$ podman ps -a
# Create systemd service file
[wallah@node1 ~]$ mkdir -p ~/.config/systemd/user
[wallah@node1 ~]$ cd ~/.config/systemd/user/
[wallah@node1 user]$ podman generate systemd -n ascii2pdf -f --new
[wallah@node1 user]$ ll
total 4
-rw-r--r--. 1 wallah wallah 770 Dec 13 01:07 container-ascii2pdf.service
# Stop and remove the existing ascii2pdf container
[wallah@node1 ~]$ podman stop ascii2pdf
[wallah@node1 ~]$ podman rm ascii2pdf
[wallah@node1 ~]$ podman ps -a
# Enable and start the container-ascii2pdf service
[wallah@node1 ~]$ systemctl --user daemon-reload
[wallah@node1 ~]$ systemctl --user enable --now container-ascii2pdf
# Check container status
[wallah@node1 ~]$ systemctl --user status container-ascii2pdf
[wallah@node1 ~]$ podman ps
# On node1, switch to the root user to perform the following operations
# Ensure that the services for the wallah user start automatically at system boot
[root@node1 ~]# loginctl enable-linger wallah
[root@node1 ~]# loginctl show-user wallah
# Check to ensure the container starts on boot (mandatory operation)
[root@node1 ~]# reboot
[root@node1 ~]# ssh wallah@node1
[wallah@node1 ~]$ podman ps
Create a tar archive of /var/log named /root/logs.tar, then extract it into /backup.
Answer:
See the solution below in Explanation.
Explanation:
Solution:
mkdir -p /backup
tar -cvf /root/logs.tar /var/log
tar -xvf /root/logs.tar -C /backup
Detailed Explanation:
* tar -cvf creates an uncompressed archive.
* tar -xvf extracts the archive.
* -C /backup tells tar where to extract the files.
* This is a common RHCSA-style archive and restore task.