Jump To Close Expand all Collapse all Table of contents System Design Guide Making open source more inclusive Providing feedback on Red Hat documentation I. Design of installation Expand section "I. Design of installation" Collapse section "I. Design of installation" 1. Supported RHEL architectures and system requirements Expand section "1. Supported RHEL architectures and system requirements" Collapse section "1. Supported RHEL architectures and system requirements" 1.1. Supported architectures 1.2. System requirements 2. Preparing for your installation Expand section "2. Preparing for your installation" Collapse section "2. Preparing for your installation" 2.1. Recommended steps 2.2. RHEL installation methods 2.3. System requirements 2.4. Installation boot media options 2.5. Types of installation ISO images 2.6. Downloading a RHEL installation ISO image Expand section "2.6. Downloading a RHEL installation ISO image" Collapse section "2.6. Downloading a RHEL installation ISO image" 2.6.1. Types of installation ISO images 2.6.2. Downloading an ISO image from the Customer Portal 2.6.3. Downloading an ISO image using curl 2.7. Creating a bootable installation medium for RHEL Expand section "2.7. Creating a bootable installation medium for RHEL" Collapse section "2.7. Creating a bootable installation medium for RHEL" 2.7.1. Installation boot media options 2.7.2. Creating a bootable DVD or CD 2.7.3. Creating a bootable USB device on Linux 2.7.4. Creating a bootable USB device on Windows 2.7.5. Creating a bootable USB device on Mac OS X 2.8. Preparing an installation source Expand section "2.8. Preparing an installation source" Collapse section "2.8. Preparing an installation source" 2.8.1. Types of installation source 2.8.2. Specify the installation source 2.8.3. Ports for network-based installation 2.8.4. Creating an installation source on an NFS server 2.8.5. Creating an installation source using HTTP or HTTPS 2.8.6. Creating an installation source using FTP 2.8.7. 
Preparing a hard drive as an installation source 3. Getting started Expand section "3. Getting started" Collapse section "3. Getting started" 3.1. Booting the installation Expand section "3.1. Booting the installation" Collapse section "3.1. Booting the installation" 3.1.1. Boot menu 3.1.2. Types of boot options 3.1.3. Editing the boot: prompt in BIOS 3.1.4. Editing predefined boot options using the > prompt 3.1.5. Editing the GRUB2 menu for the UEFI-based systems 3.1.6. Booting the installation from a USB, CD, or DVD 3.1.7. Booting the installation from a network using PXE 3.2. Installing RHEL using an ISO image from the Customer Portal 3.3. Registering and installing RHEL from the CDN using the GUI Expand section "3.3. Registering and installing RHEL from the CDN using the GUI" Collapse section "3.3. Registering and installing RHEL from the CDN using the GUI" 3.3.1. What is the Content Delivery Network 3.3.2. Registering and installing RHEL from the CDN Expand section "3.3.2. Registering and installing RHEL from the CDN" Collapse section "3.3.2. Registering and installing RHEL from the CDN" 3.3.2.1. Installation source repository after system registration 3.3.3. Verifying your system registration from the CDN 3.3.4. Unregistering your system from the CDN 3.4. Completing the installation 4. Customizing your installation Expand section "4. Customizing your installation" Collapse section "4. Customizing your installation" 4.1. Configuring language and location settings 4.2. Configuring localization options 4.3. Configuring system options Expand section "4.3. Configuring system options" Collapse section "4.3. Configuring system options" 4.3.1. Configuring installation destination 4.3.2. Configuring boot loader 4.3.3. Configuring Kdump 4.3.4. Configuring network and host name options Expand section "4.3.4. Configuring network and host name options" Collapse section "4.3.4. Configuring network and host name options" 4.3.4.1. Adding a virtual network interface 4.3.4.2. 
Editing network interface configuration 4.3.4.3. Enabling or Disabling the Interface Connection 4.3.4.4. Setting up Static IPv4 or IPv6 Settings 4.3.4.5. Configuring Routes 4.3.4.6. Additional resources 4.3.5. Configuring Connect to Red Hat Expand section "4.3.5. Configuring Connect to Red Hat" Collapse section "4.3.5. Configuring Connect to Red Hat" 4.3.5.1. Introduction to System Purpose 4.3.5.2. Configuring Connect to Red Hat options 4.3.5.3. Installation source repository after system registration 4.3.5.4. Verifying your system registration from the CDN 4.3.5.5. Unregistering your system from the CDN 4.3.5.6. Additional resources 4.3.6. Installing System Aligned with a Security Policy Expand section "4.3.6. Installing System Aligned with a Security Policy" Collapse section "4.3.6. Installing System Aligned with a Security Policy" 4.3.6.1. About security policy 4.3.6.2. Configuring a security policy 4.3.6.3. Additional resources 4.4. Configuring software settings Expand section "4.4. Configuring software settings" Collapse section "4.4. Configuring software settings" 4.4.1. Configuring installation source 4.4.2. Configuring software selection 4.5. Configuring storage devices Expand section "4.5. Configuring storage devices" Collapse section "4.5. Configuring storage devices" 4.5.1. Storage device selection 4.5.2. Filtering storage devices 4.5.3. Using advanced storage options Expand section "4.5.3. Using advanced storage options" Collapse section "4.5.3. Using advanced storage options" 4.5.3.1. Discovering and starting an iSCSI session 4.5.3.2. Configuring FCoE parameters 4.5.3.3. Configuring DASD storage devices 4.5.3.4. Configuring FCP devices 4.5.4. Installing to an NVDIMM device Expand section "4.5.4. Installing to an NVDIMM device" Collapse section "4.5.4. Installing to an NVDIMM device" 4.5.4.1. Criteria for using an NVDIMM device as an installation target 4.5.4.2. Configuring an NVDIMM device using the graphical installation mode 4.6. 
Configuring manual partitioning Expand section "4.6. Configuring manual partitioning" Collapse section "4.6. Configuring manual partitioning" 4.6.1. Starting manual partitioning 4.6.2. Adding a mount point file system 4.6.3. Configuring storage for a mount point file system 4.6.4. Customizing a mount point file system 4.6.5. Preserving the /home directory 4.6.6. Creating a software RAID during the installation 4.6.7. Creating an LVM logical volume 4.6.8. Configuring an LVM logical volume 4.7. Configuring a root password 4.8. Creating a user account 4.9. Editing advanced user settings 5. Completing post-installation tasks Expand section "5. Completing post-installation tasks" Collapse section "5. Completing post-installation tasks" 5.1. Completing initial setup 5.2. Registering your system using the command line 5.3. Registering your system using the Subscription Manager User Interface 5.4. Registering RHEL 8 using the installer GUI 5.5. Registration Assistant 5.6. Configuring System Purpose using the subscription-manager command-line tool 5.7. Securing your system 5.8. Deploying systems that are compliant with a security profile immediately after an installation Expand section "5.8. Deploying systems that are compliant with a security profile immediately after an installation" Collapse section "5.8. Deploying systems that are compliant with a security profile immediately after an installation" 5.8.1. Profiles not compatible with Server with GUI 5.8.2. Deploying baseline-compliant RHEL systems using the graphical installation 5.8.3. Deploying baseline-compliant RHEL systems using Kickstart 5.9. Next steps A. Troubleshooting Expand section "A. Troubleshooting" Collapse section "A. Troubleshooting" A.1. Troubleshooting during the installation Expand section "A.1. Troubleshooting during the installation" Collapse section "A.1. Troubleshooting during the installation" A.1.1. Disks are not detected A.1.2. Reporting error messages to Red Hat Customer Support A.1.3. 
Partitioning issues for IBM Power Systems B. Tools and tips for troubleshooting and bug reporting Expand section "B. Tools and tips for troubleshooting and bug reporting" Collapse section "B. Tools and tips for troubleshooting and bug reporting" B.1. Dracut B.2. Using installation log files Expand section "B.2. Using installation log files" Collapse section "B.2. Using installation log files" B.2.1. Creating pre-installation log files B.2.2. Transferring installation log files to a USB drive B.2.3. Transferring installation log files over the network B.3. Detecting memory faults using the Memtest86 application Expand section "B.3. Detecting memory faults using the Memtest86 application" Collapse section "B.3. Detecting memory faults using the Memtest86 application" B.3.1. Running Memtest86 B.4. Verifying boot media B.5. Consoles and logging during installation B.6. Saving screenshots B.7. Display settings and device drivers B.8. Reporting error messages to Red Hat Customer Support C. Troubleshooting Expand section "C. Troubleshooting" Collapse section "C. Troubleshooting" C.1. Resuming an interrupted download attempt C.2. Disks are not detected C.3. Cannot boot with a RAID card C.4. Graphical boot sequence is not responding C.5. X server fails after log in C.6. RAM is not recognized C.7. System is displaying signal 11 errors C.8. Unable to IPL from network storage space C.9. Using XDMCP C.10. Using rescue mode Expand section "C.10. Using rescue mode" Collapse section "C.10. Using rescue mode" C.10.1. Booting into rescue mode C.10.2. Using an SOS report in rescue mode C.10.3. Reinstalling the GRUB2 boot loader C.10.4. Using RPM to add or remove a driver Expand section "C.10.4. Using RPM to add or remove a driver" Collapse section "C.10.4. Using RPM to add or remove a driver" C.10.4.1. Adding a driver using RPM C.10.4.2. Removing a driver using RPM C.11. ip= boot option returns an error C.12. Cannot boot into the graphical installation on iLO or iDRAC devices C.13. 
Rootfs image is not initramfs D. System requirements reference Expand section "D. System requirements reference" Collapse section "D. System requirements reference" D.1. Hardware compatibility D.2. Supported installation targets D.3. System specifications D.4. Disk and memory requirements D.5. UEFI Secure Boot and Beta release requirements E. Partitioning reference Expand section "E. Partitioning reference" Collapse section "E. Partitioning reference" E.1. Supported device types E.2. Supported file systems E.3. Supported RAID types E.4. Recommended partitioning scheme E.5. Advice on partitions E.6. Supported hardware storage F. Boot options reference Expand section "F. Boot options reference" Collapse section "F. Boot options reference" F.1. Installation source boot options F.2. Network boot options F.3. Console boot options F.4. Debug boot options F.5. Storage boot options F.6. Deprecated boot options F.7. Removed boot options G. Changing a subscription service Expand section "G. Changing a subscription service" Collapse section "G. Changing a subscription service" G.1. Unregistering from Subscription Management Server Expand section "G.1. Unregistering from Subscription Management Server" Collapse section "G.1. Unregistering from Subscription Management Server" G.1.1. Unregistering using command line G.1.2. Unregistering using Subscription Manager user interface G.2. Unregistering from Satellite Server H. iSCSI disks in installation program 6. Booting a beta system with UEFI Secure Boot Expand section "6. Booting a beta system with UEFI Secure Boot" Collapse section "6. Booting a beta system with UEFI Secure Boot" 6.1. UEFI Secure Boot and RHEL Beta releases 6.2. Adding a Beta public key for UEFI Secure Boot 6.3. Removing a Beta public key 7. Composing a customized RHEL system image Expand section "7. Composing a customized RHEL system image" Collapse section "7. Composing a customized RHEL system image" 7.1. Image builder description Expand section "7.1. 
Image builder description" Collapse section "7.1. Image builder description" 7.1.1. What is image builder? 7.1.2. Image builder terminology 7.1.3. Image builder output formats 7.1.4. Image builder system requirements 7.2. Installing image builder Expand section "7.2. Installing image builder" Collapse section "7.2. Installing image builder" 7.2.1. Image builder system requirements 7.2.2. Installing image builder in a virtual machine 7.2.3. Reverting to lorax-composer image builder backend 7.3. Creating system images using the image builder command-line interface Expand section "7.3. Creating system images using the image builder command-line interface" Collapse section "7.3. Creating system images using the image builder command-line interface" 7.3.1. Introducing the image builder command-line interface 7.3.2. Creating an image builder blueprint using the command-line interface 7.3.3. Editing an image builder blueprint with command-line interface 7.3.4. Creating a system image with image builder in the command-line interface 7.3.5. Basic image builder command-line commands 7.3.6. Image builder blueprint format 7.3.7. Supported image customizations 7.3.8. Packages installed by image builder 7.3.9. Enabled services on custom images 7.4. Creating system images using the image builder web console interface Expand section "7.4. Creating system images using the image builder web console interface" Collapse section "7.4. Creating system images using the image builder web console interface" 7.4.1. Accessing the image builder GUI in the RHEL web console 7.4.2. Creating an image builder blueprint in the web console interface 7.4.3. Creating a system image using image builder in the web console interface 7.5. Preparing and uploading cloud images using image builder Expand section "7.5. Preparing and uploading cloud images using image builder" Collapse section "7.5. Preparing and uploading cloud images using image builder" 7.5.1. Preparing to upload AWS AMI images 7.5.2. 
Uploading an AMI image to AWS using the CLI 7.5.3. Pushing images to AWS Cloud AMI 7.5.4. Preparing to upload Microsoft Azure VHD images 7.5.5. Uploading VHD images to Microsoft Azure cloud 7.5.6. Uploading VMDK images and creating a RHEL virtual machine in vSphere 7.5.7. Uploading images to GCP with image builder Expand section "7.5.7. Uploading images to GCP with image builder" Collapse section "7.5.7. Uploading images to GCP with image builder" 7.5.7.1. Uploading a gce image to GCP using the CLI 7.5.7.2. Authenticating with GCP Expand section "7.5.7.2. Authenticating with GCP" Collapse section "7.5.7.2. Authenticating with GCP" 7.5.7.2.1. Specifying credentials with the composer-cli command 7.5.7.2.2. Specifying credentials in the osbuild-composer worker configuration 7.5.8. Pushing VMDK images to vSphere using the GUI image builder tool 7.5.9. Pushing VHD images to Microsoft Azure cloud using the GUI image builder tool 7.5.10. Uploading QCOW2 images to OpenStack 7.5.11. Preparing to upload customized RHEL images to Alibaba 7.5.12. Uploading customized RHEL images to Alibaba 7.5.13. Importing images to Alibaba 7.5.14. Creating an instance of a customized RHEL image using Alibaba 8. Performing an automated installation using Kickstart Expand section "8. Performing an automated installation using Kickstart" Collapse section "8. Performing an automated installation using Kickstart" 8.1. Kickstart installation basics Expand section "8.1. Kickstart installation basics" Collapse section "8.1. Kickstart installation basics" 8.1.1. What are Kickstart installations 8.1.2. Automated installation workflow 8.2. Creating Kickstart files Expand section "8.2. Creating Kickstart files" Collapse section "8.2. Creating Kickstart files" 8.2.1. Creating a Kickstart file with the Kickstart configuration tool 8.2.2. Creating a Kickstart file by performing a manual installation 8.2.3. Converting a Kickstart file from previous RHEL installation 8.2.4. 
Creating a custom image using Image Builder 8.3. Making Kickstart files available to the installation program Expand section "8.3. Making Kickstart files available to the installation program" Collapse section "8.3. Making Kickstart files available to the installation program" 8.3.1. Ports for network-based installation 8.3.2. Making a Kickstart file available on an NFS server 8.3.3. Making a Kickstart file available on an HTTP or HTTPS server 8.3.4. Making a Kickstart file available on an FTP server 8.3.5. Making a Kickstart file available on a local volume 8.3.6. Making a Kickstart file available on a local volume for automatic loading 8.4. Creating installation sources for Kickstart installations Expand section "8.4. Creating installation sources for Kickstart installations" Collapse section "8.4. Creating installation sources for Kickstart installations" 8.4.1. Types of installation source 8.4.2. Ports for network-based installation 8.4.3. Creating an installation source on an NFS server 8.4.4. Creating an installation source using HTTP or HTTPS 8.4.5. Creating an installation source using FTP 8.5. Starting Kickstart installations Expand section "8.5. Starting Kickstart installations" Collapse section "8.5. Starting Kickstart installations" 8.5.1. Starting a Kickstart installation manually 8.5.2. Starting a Kickstart installation automatically using PXE 8.5.3. Starting a Kickstart installation automatically using a local volume 8.6. Consoles and logging during installation 8.7. Maintaining Kickstart files Expand section "8.7. Maintaining Kickstart files" Collapse section "8.7. Maintaining Kickstart files" 8.7.1. Installing Kickstart maintenance tools 8.7.2. Verifying a Kickstart file 8.8. Registering and installing RHEL from the CDN using Kickstart Expand section "8.8. Registering and installing RHEL from the CDN using Kickstart" Collapse section "8.8. Registering and installing RHEL from the CDN using Kickstart" 8.8.1. 
Registering and installing RHEL from the CDN 8.8.2. Verifying your system registration from the CDN 8.8.3. Unregistering your system from the CDN 8.9. Performing a remote RHEL installation using VNC Expand section "8.9. Performing a remote RHEL installation using VNC" Collapse section "8.9. Performing a remote RHEL installation using VNC" 8.9.1. Overview 8.9.2. Considerations 8.9.3. Performing a remote RHEL installation in VNC Direct mode 8.9.4. Performing a remote RHEL installation in VNC Connect mode 9. Advanced configuration options Expand section "9. Advanced configuration options" Collapse section "9. Advanced configuration options" 9.1. Configuring System Purpose Expand section "9.1. Configuring System Purpose" Collapse section "9.1. Configuring System Purpose" 9.1.1. Overview 9.1.2. Configuring System Purpose in a Kickstart file 9.1.3. Additional resources 9.2. Updating drivers during installation Expand section "9.2. Updating drivers during installation" Collapse section "9.2. Updating drivers during installation" 9.2.1. Overview 9.2.2. Types of driver update 9.2.3. Preparing a driver update 9.2.4. Performing an automatic driver update 9.2.5. Performing an assisted driver update 9.2.6. Performing a manual driver update 9.2.7. Disabling a driver 9.3. Preparing to install from the network using PXE Expand section "9.3. Preparing to install from the network using PXE" Collapse section "9.3. Preparing to install from the network using PXE" 9.3.1. Network install overview 9.3.2. Configuring a TFTP server for BIOS-based clients 9.3.3. Configuring a TFTP server for UEFI-based clients 9.3.4. Configuring a network server for IBM Power systems 9.4. Boot options Expand section "9.4. Boot options" Collapse section "9.4. Boot options" 9.4.1. Types of boot options 9.4.2. Editing boot options Expand section "9.4.2. Editing boot options" Collapse section "9.4.2. Editing boot options" 9.4.2.1. Editing the boot: prompt in BIOS 9.4.2.2. 
Editing predefined boot options using the > prompt 9.4.2.3. Editing the GRUB2 menu for the UEFI-based systems 9.4.3. Installation source boot options 9.4.4. Network boot options 9.4.5. Console boot options 9.4.6. Debug boot options 9.4.7. Storage boot options 9.4.8. Kickstart boot options 9.4.9. Advanced installation boot options 9.4.10. Deprecated boot options 9.4.11. Removed boot options 10. Kickstart references Expand section "10. Kickstart references" Collapse section "10. Kickstart references" I. Kickstart script file format reference Expand section "I. Kickstart script file format reference" Collapse section "I. Kickstart script file format reference" I.1. Kickstart file format I.2. Package selection in Kickstart Expand section "I.2. Package selection in Kickstart" Collapse section "I.2. Package selection in Kickstart" I.2.1. Package selection section I.2.2. Package selection commands I.2.3. Common package selection options I.2.4. Options for specific package groups I.3. Scripts in Kickstart file Expand section "I.3. Scripts in Kickstart file" Collapse section "I.3. Scripts in Kickstart file" I.3.1. %pre script Expand section "I.3.1. %pre script" Collapse section "I.3.1. %pre script" I.3.1.1. %pre script section options I.3.2. %pre-install script Expand section "I.3.2. %pre-install script" Collapse section "I.3.2. %pre-install script" I.3.2.1. %pre-install script section options I.3.3. %post script Expand section "I.3.3. %post script" Collapse section "I.3.3. %post script" I.3.3.1. %post script section options I.3.3.2. Example: Mounting NFS in a post-install script I.3.3.3. Example: Running subscription-manager as a post-install script I.4. Anaconda configuration section I.5. Kickstart error handling section I.6. Kickstart add-on sections J. Kickstart commands and options reference Expand section "J. Kickstart commands and options reference" Collapse section "J. Kickstart commands and options reference" J.1. Kickstart changes Expand section "J.1. 
Kickstart changes" Collapse section "J.1. Kickstart changes" J.1.1. Deprecated Kickstart commands and options J.1.2. Removed Kickstart commands and options J.2. Kickstart commands for installation program configuration and flow control Expand section "J.2. Kickstart commands for installation program configuration and flow control" Collapse section "J.2. Kickstart commands for installation program configuration and flow control" J.2.1. cdrom J.2.2. cmdline J.2.3. driverdisk J.2.4. eula J.2.5. firstboot J.2.6. graphical J.2.7. halt J.2.8. harddrive J.2.9. install (deprecated) J.2.10. liveimg J.2.11. logging J.2.12. mediacheck J.2.13. nfs J.2.14. ostreesetup J.2.15. poweroff J.2.16. reboot J.2.17. rhsm J.2.18. shutdown J.2.19. sshpw J.2.20. text J.2.21. url J.2.22. vnc J.2.23. %include J.2.24. %ksappend J.3. Kickstart commands for system configuration Expand section "J.3. Kickstart commands for system configuration" Collapse section "J.3. Kickstart commands for system configuration" J.3.1. auth or authconfig (deprecated) J.3.2. authselect J.3.3. firewall J.3.4. group J.3.5. keyboard (required) J.3.6. lang (required) J.3.7. module J.3.8. repo J.3.9. rootpw (required) J.3.10. selinux J.3.11. services J.3.12. skipx J.3.13. sshkey J.3.14. syspurpose J.3.15. timezone (required) J.3.16. user J.3.17. xconfig J.4. Kickstart commands for network configuration Expand section "J.4. Kickstart commands for network configuration" Collapse section "J.4. Kickstart commands for network configuration" J.4.1. network (optional) J.4.2. realm J.5. Kickstart commands for handling storage Expand section "J.5. Kickstart commands for handling storage" Collapse section "J.5. Kickstart commands for handling storage" J.5.1. device (deprecated) J.5.2. autopart J.5.3. bootloader (required) J.5.4. zipl J.5.5. clearpart J.5.6. fcoe J.5.7. ignoredisk J.5.8. iscsi J.5.9. iscsiname J.5.10. logvol J.5.11. mount J.5.12. nvdimm J.5.13. part or partition J.5.14. raid J.5.15. reqpart J.5.16. 
snapshot J.5.17. volgroup J.5.18. zerombr J.5.19. zfcp J.6. Kickstart commands for addons supplied with the RHEL installation program Expand section "J.6. Kickstart commands for addons supplied with the RHEL installation program" Collapse section "J.6. Kickstart commands for addons supplied with the RHEL installation program" J.6.1. %addon com_redhat_kdump J.6.2. %addon org_fedora_oscap J.7. Commands used in Anaconda Expand section "J.7. Commands used in Anaconda" Collapse section "J.7. Commands used in Anaconda" J.7.1. pwpolicy J.8. Kickstart commands for system recovery Expand section "J.8. Kickstart commands for system recovery" Collapse section "J.8. Kickstart commands for system recovery" J.8.1. rescue II. Design of security Expand section "II. Design of security" Collapse section "II. Design of security" 11. Overview of security hardening in RHEL Expand section "11. Overview of security hardening in RHEL" Collapse section "11. Overview of security hardening in RHEL" 11.1. What is computer security? 11.2. Standardizing security 11.3. Cryptographic software and certifications 11.4. Security controls Expand section "11.4. Security controls" Collapse section "11.4. Security controls" 11.4.1. Physical controls 11.4.2. Technical controls 11.4.3. Administrative controls 11.5. Vulnerability assessment Expand section "11.5. Vulnerability assessment" Collapse section "11.5. Vulnerability assessment" 11.5.1. Defining assessment and testing 11.5.2. Establishing a methodology for vulnerability assessment 11.5.3. Vulnerability assessment tools 11.6. Security threats Expand section "11.6. Security threats" Collapse section "11.6. Security threats" 11.6.1. Threats to network security 11.6.2. Threats to server security 11.6.3. Threats to workstation and home PC security 11.7. Common exploits and attacks 12. Securing RHEL during installation Expand section "12. Securing RHEL during installation" Collapse section "12. Securing RHEL during installation" 12.1. 
BIOS and UEFI security Expand section "12.1. BIOS and UEFI security" Collapse section "12.1. BIOS and UEFI security" 12.1.1. BIOS passwords 12.1.2. Non-BIOS-based systems security 12.2. Disk partitioning 12.3. Restricting network connectivity during the installation process 12.4. Installing the minimum amount of packages required 12.5. Post-installation procedures 13. Using system-wide cryptographic policies Expand section "13. Using system-wide cryptographic policies" Collapse section "13. Using system-wide cryptographic policies" 13.1. System-wide cryptographic policies 13.2. Switching the system-wide cryptographic policy to mode compatible with earlier releases 13.3. Setting up system-wide cryptographic policies in the web console 13.4. Switching the system to FIPS mode 13.5. Enabling FIPS mode in a container 13.6. List of RHEL applications using cryptography that is not compliant with FIPS 140-2 13.7. Excluding an application from following system-wide crypto policies Expand section "13.7. Excluding an application from following system-wide crypto policies" Collapse section "13.7. Excluding an application from following system-wide crypto policies" 13.7.1. Examples of opting out of system-wide crypto policies 13.8. Customizing system-wide cryptographic policies with subpolicies 13.9. Disabling SHA-1 by customizing a system-wide cryptographic policy 13.10. Creating and setting a custom system-wide cryptographic policy 13.11. Additional resources 14. Configuring applications to use cryptographic hardware through PKCS #11 Expand section "14. Configuring applications to use cryptographic hardware through PKCS #11" Collapse section "14. Configuring applications to use cryptographic hardware through PKCS #11" 14.1. Cryptographic hardware support through PKCS #11 14.2. Using SSH keys stored on a smart card 14.3. Configuring applications to authenticate using certificates from smart cards 14.4. Using HSMs protecting private keys in Apache 14.5. 
Using HSMs protecting private keys in Nginx 14.6. Additional resources 15. Using shared system certificates Expand section "15. Using shared system certificates" Collapse section "15. Using shared system certificates" 15.1. The system-wide trust store 15.2. Adding new certificates 15.3. Managing trusted system certificates 16. Scanning the system for security compliance and vulnerabilities Expand section "16. Scanning the system for security compliance and vulnerabilities" Collapse section "16. Scanning the system for security compliance and vulnerabilities" 16.1. Configuration compliance tools in RHEL 16.2. Red Hat Security Advisories OVAL feed 16.3. Vulnerability scanning Expand section "16.3. Vulnerability scanning" Collapse section "16.3. Vulnerability scanning" 16.3.1. Red Hat Security Advisories OVAL feed 16.3.2. Scanning the system for vulnerabilities 16.3.3. Scanning remote systems for vulnerabilities 16.4. Configuration compliance scanning Expand section "16.4. Configuration compliance scanning" Collapse section "16.4. Configuration compliance scanning" 16.4.1. Configuration compliance in RHEL 16.4.2. Possible results of an OpenSCAP scan 16.4.3. Viewing profiles for configuration compliance 16.4.4. Assessing configuration compliance with a specific baseline 16.5. Remediating the system to align with a specific baseline 16.6. Remediating the system to align with a specific baseline using an SSG Ansible playbook 16.7. Creating a remediation Ansible playbook to align the system with a specific baseline 16.8. Creating a remediation Bash script for a later application 16.9. Scanning the system with a customized profile using SCAP Workbench Expand section "16.9. Scanning the system with a customized profile using SCAP Workbench" Collapse section "16.9. Scanning the system with a customized profile using SCAP Workbench" 16.9.1. Using SCAP Workbench to scan and remediate the system 16.9.2. Customizing a security profile with SCAP Workbench 16.9.3. 
Additional resources 16.10. Scanning container and container images for vulnerabilities 16.11. Assessing security compliance of a container or a container image with a specific baseline 16.12. Checking integrity with AIDE Expand section "16.12. Checking integrity with AIDE" Collapse section "16.12. Checking integrity with AIDE" 16.12.1. Installing AIDE 16.12.2. Performing integrity checks with AIDE 16.12.3. Updating an AIDE database 16.12.4. File-integrity tools: AIDE and IMA 16.12.5. Additional resources 16.13. Encrypting block devices using LUKS Expand section "16.13. Encrypting block devices using LUKS" Collapse section "16.13. Encrypting block devices using LUKS" 16.13.1. LUKS disk encryption 16.13.2. LUKS versions in RHEL 16.13.3. Options for data protection during LUKS2 re-encryption 16.13.4. Encrypting existing data on a block device using LUKS2 16.13.5. Encrypting existing data on a block device using LUKS2 with a detached header 16.13.6. Encrypting a blank block device using LUKS2 16.13.7. Creating a LUKS encrypted volume using the storage RHEL System Role 16.14. Configuring automated unlocking of encrypted volumes using policy-based decryption Expand section "16.14. Configuring automated unlocking of encrypted volumes using policy-based decryption" Collapse section "16.14. Configuring automated unlocking of encrypted volumes using policy-based decryption" 16.14.1. Network-bound disk encryption 16.14.2. Installing an encryption client - Clevis 16.14.3. Deploying a Tang server with SELinux in enforcing mode 16.14.4. Rotating Tang server keys and updating bindings on clients 16.14.5. Configuring automated unlocking using a Tang key in the web console 16.14.6. Basic NBDE and TPM2 encryption-client operations 16.14.7. Configuring manual enrollment of LUKS-encrypted volumes 16.14.8. Configuring manual enrollment of LUKS-encrypted volumes using a TPM 2.0 policy 16.14.9. Removing a Clevis pin from a LUKS-encrypted volume manually 16.14.10. 
Configuring automated enrollment of LUKS-encrypted volumes using Kickstart 16.14.11. Configuring automated unlocking of a LUKS-encrypted removable storage device 16.14.12. Deploying high-availability NBDE systems Expand section "16.14.12. Deploying high-availability NBDE systems" Collapse section "16.14.12. Deploying high-availability NBDE systems" 16.14.12.1. High-available NBDE using Shamir’s Secret Sharing Expand section "16.14.12.1. High-available NBDE using Shamir’s Secret Sharing" Collapse section "16.14.12.1. High-available NBDE using Shamir’s Secret Sharing" 16.14.12.1.1. Example 1: Redundancy with two Tang servers 16.14.12.1.2. Example 2: Shared secret on a Tang server and a TPM device 16.14.13. Deployment of virtual machines in a NBDE network 16.14.14. Building automatically-enrollable VM images for cloud environments using NBDE 16.14.15. Deploying Tang as a container 16.14.16. Introduction to the nbde_client and nbde_server System Roles (Clevis and Tang) 16.14.17. Using the nbde_server System Role for setting up multiple Tang servers 16.14.18. Using the nbde_client System Role for setting up multiple Clevis clients 17. Using SELinux Expand section "17. Using SELinux" Collapse section "17. Using SELinux" 17.1. Getting started with SELinux Expand section "17.1. Getting started with SELinux" Collapse section "17.1. Getting started with SELinux" 17.1.1. Introduction to SELinux 17.1.2. Benefits of running SELinux 17.1.3. SELinux examples 17.1.4. SELinux architecture and packages 17.1.5. SELinux states and modes 17.2. Changing SELinux states and modes Expand section "17.2. Changing SELinux states and modes" Collapse section "17.2. Changing SELinux states and modes" 17.2.1. Permanent changes in SELinux states and modes 17.2.2. Changing to permissive mode 17.2.3. Changing to enforcing mode 17.2.4. Enabling SELinux on systems that previously had it disabled 17.2.5. Disabling SELinux 17.2.6. Changing SELinux modes at boot time 17.3. 
Troubleshooting problems related to SELinux 17.3.1. Identifying SELinux denials 17.3.2. Analyzing SELinux denial messages 17.3.3. Fixing analyzed SELinux denials 17.3.4. SELinux denials in the Audit log 17.3.5. Additional resources III. Design of network 18. Configuring ip networking with ifcfg files 18.1. Configuring an interface with static network settings using ifcfg files 18.2. Configuring an interface with dynamic network settings using ifcfg files 18.3. Managing system-wide and private connection profiles with ifcfg files 19. Getting started with IPVLAN 19.1. IPVLAN modes 19.2. Comparison of IPVLAN and MACVLAN 19.3. Creating and configuring the IPVLAN device using iproute2 20. Reusing the same IP address on different interfaces 20.1. Permanently reusing the same IP address on different interfaces 20.2. Temporarily reusing the same IP address on different interfaces 20.3. Additional resources 21. Securing networks 21.1. Using secure communications between two systems with OpenSSH 21.1.1. SSH and OpenSSH 21.1.2. Configuring and starting an OpenSSH server 21.1.3. Setting an OpenSSH server for key-based authentication 21.1.4.
Generating SSH key pairs 21.1.5. Using SSH keys stored on a smart card 21.1.6. Making OpenSSH more secure 21.1.7. Connecting to a remote server using an SSH jump host 21.1.8. Connecting to remote machines with SSH keys using ssh-agent 21.1.9. Additional resources 21.2. Planning and implementing TLS 21.2.1. SSL and TLS protocols 21.2.2. Security considerations for TLS in RHEL 8 21.2.2.1. Protocols 21.2.2.2. Cipher suites 21.2.2.3. Public key length 21.2.3. Hardening TLS configuration in applications 21.2.3.1. Configuring the Apache HTTP server to use TLS 21.2.3.2. Configuring the Nginx HTTP and proxy server to use TLS 21.2.3.3. Configuring the Dovecot mail server to use TLS 21.3. Configuring a VPN with IPsec 21.3.1. Libreswan as an IPsec VPN implementation 21.3.2. Authentication methods in Libreswan 21.3.3. Installing Libreswan 21.3.4. Creating a host-to-host VPN 21.3.5. Configuring a site-to-site VPN 21.3.6. Configuring a remote access VPN 21.3.7. Configuring a mesh VPN 21.3.8. Deploying a FIPS-compliant IPsec VPN 21.3.9. Protecting the IPsec NSS database by a password 21.3.10. Configuring an IPsec VPN to use TCP 21.3.11. Configuring automatic detection and usage of ESP hardware offload to accelerate an IPsec connection 21.3.12. Configuring ESP hardware offload on a bond to accelerate an IPsec connection 21.3.13. Configuring IPsec connections that opt out of the system-wide crypto policies 21.3.14. Troubleshooting IPsec VPN configurations 21.3.15. Additional resources 21.4.
Using MACsec to encrypt layer-2 traffic in the same physical network 21.4.1. Configuring a MACsec connection using nmcli 21.4.2. Additional resources 21.5. Using and configuring firewalld 21.5.1. Getting started with firewalld 21.5.1.1. When to use firewalld, nftables, or iptables 21.5.1.2. Zones 21.5.1.3. Predefined services 21.5.1.4. Starting firewalld 21.5.1.5. Stopping firewalld 21.5.1.6. Verifying the permanent firewalld configuration 21.5.2. Viewing the current status and settings of firewalld 21.5.2.1. Viewing the current status of firewalld 21.5.2.2. Viewing allowed services using GUI 21.5.2.3. Viewing firewalld settings using CLI 21.5.3. Controlling network traffic using firewalld 21.5.3.1. Disabling all traffic in case of emergency using CLI 21.5.3.2. Controlling traffic with predefined services using CLI 21.5.3.3. Controlling traffic with predefined services using GUI 21.5.3.4. Adding new services 21.5.3.5. Opening ports using GUI 21.5.3.6. Controlling traffic with protocols using GUI 21.5.3.7. Opening source ports using GUI 21.5.4. Controlling ports using CLI 21.5.4.1. Opening a port 21.5.4.2. Closing a port 21.5.5.
Working with firewalld zones 21.5.5.1. Listing zones 21.5.5.2. Modifying firewalld settings for a certain zone 21.5.5.3. Changing the default zone 21.5.5.4. Assigning a network interface to a zone 21.5.5.5. Assigning a zone to a connection using nmcli 21.5.5.6. Manually assigning a zone to a network connection in an ifcfg file 21.5.5.7. Creating a new zone 21.5.5.8. Zone configuration files 21.5.5.9. Using zone targets to set default behavior for incoming traffic 21.5.6. Using zones to manage incoming traffic depending on a source 21.5.6.1. Adding a source 21.5.6.2. Removing a source 21.5.6.3. Adding a source port 21.5.6.4. Removing a source port 21.5.6.5. Using zones and sources to allow a service for only a specific domain 21.5.7. Filtering forwarded traffic between zones 21.5.7.1. The relationship between policy objects and zones 21.5.7.2. Using priorities to sort policies 21.5.7.3. Using policy objects to filter traffic between locally hosted Containers and a network physically connected to the host 21.5.7.4. Setting the default target of policy objects 21.5.8. Configuring NAT using firewalld 21.5.8.1. NAT types 21.5.8.2. Configuring IP address masquerading 21.5.9. Using DNAT to forward HTTPS traffic to a different host 21.5.10. Managing ICMP requests 21.5.10.1. Listing and blocking ICMP requests 21.5.10.2.
Configuring the ICMP filter using GUI 21.5.11. Setting and controlling IP sets using firewalld 21.5.11.1. Configuring IP set options using CLI 21.5.12. Prioritizing rich rules 21.5.12.1. How the priority parameter organizes rules into different chains 21.5.12.2. Setting the priority of a rich rule 21.5.13. Configuring firewall lockdown 21.5.13.1. Configuring lockdown using CLI 21.5.13.2. Configuring lockdown allowlist options using CLI 21.5.13.3. Configuring lockdown allowlist options using configuration files 21.5.14. Enabling traffic forwarding between different interfaces or sources within a firewalld zone 21.5.14.1. The difference between intra-zone forwarding and zones with the default target set to ACCEPT 21.5.14.2. Using intra-zone forwarding to forward traffic between an Ethernet and Wi-Fi network 21.5.15. Configuring firewalld using System Roles 21.5.15.1. Introduction to the firewall RHEL System Role 21.5.15.2. Resetting the firewalld settings using the firewall RHEL System Role 21.5.15.3. Forwarding incoming traffic from one local port to a different local port 21.5.15.4. Configuring ports using System Roles 21.5.15.5. Configuring a DMZ firewalld zone by using the firewalld RHEL System Role 21.5.16. Additional resources 21.6.
Getting started with nftables 21.6.1. Migrating from iptables to nftables 21.6.1.1. When to use firewalld, nftables, or iptables 21.6.1.2. Converting iptables and ip6tables rule sets to nftables 21.6.1.3. Converting single iptables and ip6tables rules to nftables 21.6.1.4. Comparison of common iptables and nftables commands 21.6.1.5. Additional resources 21.6.2. Writing and executing nftables scripts 21.6.2.1. Supported nftables script formats 21.6.2.2. Running nftables scripts 21.6.2.3. Using comments in nftables scripts 21.6.2.4. Using variables in nftables script 21.6.2.5. Including files in nftables scripts 21.6.2.6. Automatically loading nftables rules when the system boots 21.6.3. Creating and managing nftables tables, chains, and rules 21.6.3.1. Basics of nftables tables 21.6.3.2. Basics of nftables chains 21.6.3.3. Basics of nftables rules 21.6.3.4. Managing tables, chains, and rules using nft commands 21.6.4. Configuring NAT using nftables 21.6.4.1. NAT types 21.6.4.2. Configuring masquerading using nftables 21.6.4.3. Configuring source NAT using nftables 21.6.4.4. Configuring destination NAT using nftables 21.6.4.5. Configuring a redirect using nftables 21.6.5. Using sets in nftables commands 21.6.5.1.
Using anonymous sets in nftables 21.6.5.2. Using named sets in nftables 21.6.5.3. Additional resources 21.6.6. Using verdict maps in nftables commands 21.6.6.1. Using anonymous maps in nftables 21.6.6.2. Using named maps in nftables 21.6.6.3. Additional resources 21.6.7. Example: Protecting a LAN and DMZ using an nftables script 21.6.7.1. Network conditions 21.6.7.2. Security requirements to the firewall script 21.6.7.3. Configuring logging of dropped packets to a file 21.6.7.4. Writing and activating the nftables script 21.6.8. Configuring port forwarding using nftables 21.6.8.1. Forwarding incoming packets to a different local port 21.6.8.2. Forwarding incoming packets on a specific local port to a different host 21.6.9. Using nftables to limit the amount of connections 21.6.9.1. Limiting the number of connections using nftables 21.6.9.2. Blocking IP addresses that attempt more than ten new incoming TCP connections within one minute 21.6.10. Debugging nftables rules 21.6.10.1. Creating a rule with a counter 21.6.10.2. Adding a counter to an existing rule 21.6.10.3. Monitoring packets that match an existing rule 21.6.11. Backing up and restoring the nftables rule set
21.6.11.1. Backing up the nftables rule set to a file 21.6.11.2. Restoring the nftables rule set from a file 21.6.12. Additional resources IV. Design of hard disk 22. Overview of available file systems 22.1. Types of file systems 22.2. Local file systems 22.3. The XFS file system 22.4. The ext4 file system 22.5. Comparison of XFS and ext4 22.6. Choosing a local file system 22.7. Network file systems 22.8. Shared storage file systems 22.9. Choosing between network and shared storage file systems 22.10. Volume-managing file systems 23. Mounting NFS shares 23.1. Introduction to NFS 23.2. Supported NFS versions 23.3. Services required by NFS 23.4. NFS host name formats 23.5. Installing NFS 23.6. Discovering NFS exports 23.7. Mounting an NFS share with mount 23.8. Common NFS mount options 23.9. Additional resources 24. Exporting NFS shares 24.1. Introduction to NFS 24.2. Supported NFS versions 24.3. The TCP and UDP protocols in NFSv3 and NFSv4 24.4. Services required by NFS 24.5. NFS host name formats 24.6. NFS server configuration 24.6.1. The /etc/exports configuration file 24.6.2. The exportfs utility 24.7. NFS and rpcbind 24.8. Installing NFS 24.9. Starting the NFS server 24.10. Troubleshooting NFS and rpcbind 24.11. Configuring the NFS server to run behind a firewall 24.11.1.
Configuring the NFSv3-enabled server to run behind a firewall 24.11.2. Configuring the NFSv4-only server to run behind a firewall 24.11.3. Configuring an NFSv3 client to run behind a firewall 24.11.4. Configuring an NFSv4 client to run behind a firewall 24.12. Exporting RPC quota through a firewall 24.13. Enabling NFS over RDMA (NFSoRDMA) 24.14. Additional resources 25. Mounting an SMB Share on Red Hat Enterprise Linux 25.1. Supported SMB protocol versions 25.2. UNIX extensions support 25.3. Manually mounting an SMB share 25.4. Mounting an SMB share automatically when the system boots 25.5. Authenticating to an SMB share using a credentials file 25.6. Frequently used mount options 26. Overview of persistent naming attributes 26.1. Disadvantages of non-persistent naming attributes 26.2. File system and device identifiers 26.3. Device names managed by the udev mechanism in /dev/disk/ 26.3.1. File system identifiers 26.3.2. Device identifiers 26.4. The World Wide Identifier with DM Multipath 26.5. Limitations of the udev device naming convention 26.6. Listing persistent naming attributes 26.7. Modifying persistent naming attributes 27. Getting started with partitions 27.1. Creating a partition table on a disk with parted 27.2. Viewing the partition table with parted 27.3. Creating a partition with parted 27.4. Setting a partition type with fdisk 27.5. Resizing a partition with parted 27.6. Removing a partition with parted 28.
Getting started with XFS 28.1. The XFS file system 28.2. Comparison of tools used with ext4 and XFS 29. Mounting file systems 29.1. The Linux mount mechanism 29.2. Listing currently mounted file systems 29.3. Mounting a file system with mount 29.4. Moving a mount point 29.5. Unmounting a file system with umount 29.6. Common mount options 30. Sharing a mount on multiple mount points 30.1. Types of shared mounts 30.2. Creating a private mount point duplicate 30.3. Creating a shared mount point duplicate 30.4. Creating a slave mount point duplicate 30.5. Preventing a mount point from being duplicated 31. Persistently mounting file systems 31.1. The /etc/fstab file 31.2. Adding a file system to /etc/fstab 32. Persistently mounting a file system using RHEL System Roles 32.1. Example Ansible playbook to persistently mount a file system 33. Mounting file systems on demand 33.1. The autofs service 33.2. The autofs configuration files 33.3. Configuring autofs mount points 33.4. Automounting NFS server user home directories with autofs service 33.5. Overriding or augmenting autofs site configuration files 33.6. Using LDAP to store automounter maps 33.7. Using systemd.automount to mount a file system on demand with /etc/fstab 33.8.
Using systemd.automount to mount a file system on demand with a mount unit 34. Using SSSD component from IdM to cache the autofs maps 34.1. Configuring autofs manually to use IdM server as an LDAP server 34.2. Configuring SSSD to cache autofs maps 35. Setting read-only permissions for the root file system 35.1. Files and directories that always retain write permissions 35.2. Configuring the root file system to mount with read-only permissions on boot 36. Managing storage devices 36.1. Setting up Stratis file systems 36.1.1. What is Stratis 36.1.2. Components of a Stratis volume 36.1.3. Block devices usable with Stratis 36.1.4. Installing Stratis 36.1.5. Creating an unencrypted Stratis pool 36.1.6. Creating an encrypted Stratis pool 36.1.7. Setting up a thin provisioning layer in Stratis filesystem 36.1.8. Binding a Stratis pool to NBDE 36.1.9. Binding a Stratis pool to TPM 36.1.10. Unlocking an encrypted Stratis pool with kernel keyring 36.1.11. Unlocking an encrypted Stratis pool with Clevis 36.1.12. Unbinding a Stratis pool from supplementary encryption 36.1.13. Starting and stopping Stratis pool 36.1.14. Creating a Stratis file system 36.1.15. Mounting a Stratis file system 36.1.16. Persistently mounting a Stratis file system 36.1.17. Setting up non-root Stratis filesystems in /etc/fstab using a systemd service 36.2. Extending a Stratis volume with additional block devices
36.2.1. Components of a Stratis volume 36.2.2. Adding block devices to a Stratis pool 36.2.3. Additional resources 36.3. Monitoring Stratis file systems 36.3.1. Stratis sizes reported by different utilities 36.3.2. Displaying information about Stratis volumes 36.3.3. Additional resources 36.4. Using snapshots on Stratis file systems 36.4.1. Characteristics of Stratis snapshots 36.4.2. Creating a Stratis snapshot 36.4.3. Accessing the content of a Stratis snapshot 36.4.4. Reverting a Stratis file system to a previous snapshot 36.4.5. Removing a Stratis snapshot 36.4.6. Additional resources 36.5. Removing Stratis file systems 36.5.1. Components of a Stratis volume 36.5.2. Removing a Stratis file system 36.5.3. Removing a Stratis pool 36.5.4. Additional resources 36.6. Getting started with swap 36.6.1. Overview of swap space 36.6.2. Recommended system swap space 36.6.3. Extending swap on an LVM2 logical volume 36.6.4. Creating an LVM2 logical volume for swap 36.6.5. Creating a swap file 36.6.6. Reducing swap on an LVM2 logical volume 36.6.7. Removing an LVM2 logical volume for swap 36.6.8. Removing a swap file 37. Deduplicating and compressing storage 37.1. Deploying VDO 37.1.1.
Introduction to VDO 37.1.2. VDO deployment scenarios 37.1.3. Components of a VDO volume 37.1.4. The physical and logical size of a VDO volume 37.1.5. Slab size in VDO 37.1.6. VDO requirements 37.1.6.1. VDO memory requirements 37.1.6.2. VDO storage space requirements 37.1.6.3. Placement of VDO in the storage stack 37.1.6.4. Examples of VDO requirements by physical size 37.1.7. Installing VDO 37.1.8. Creating a VDO volume 37.1.9. Mounting a VDO volume 37.1.10. Enabling periodic block discard 37.1.11. Monitoring VDO 37.2. Maintaining VDO 37.2.1. Managing free space on VDO volumes 37.2.1.1. The physical and logical size of a VDO volume 37.2.1.2. Thin provisioning in VDO 37.2.1.3. Monitoring VDO 37.2.1.4. Reclaiming space for VDO on file systems 37.2.1.5. Reclaiming space for VDO without a file system 37.2.1.6. Reclaiming space for VDO on Fibre Channel or Ethernet network 37.2.2. Starting or stopping VDO volumes 37.2.2.1. Started and activated VDO volumes 37.2.2.2. Starting a VDO volume 37.2.2.3. Stopping a VDO volume 37.2.2.4. Additional resources 37.2.3. Automatically starting VDO volumes at system boot 37.2.3.1. Started and activated VDO volumes 37.2.3.2. Activating a VDO volume 37.2.3.3. Deactivating a VDO volume 37.2.4. Selecting a VDO write mode 37.2.4.1. VDO write modes 37.2.4.2.
The internal processing of VDO write modes 37.2.4.3. Checking the write mode on a VDO volume 37.2.4.4. Checking for a volatile cache 37.2.4.5. Setting a VDO write mode 37.2.5. Recovering a VDO volume after an unclean shutdown 37.2.5.1. VDO write modes 37.2.5.2. VDO volume recovery 37.2.5.3. VDO operating modes 37.2.5.4. Recovering a VDO volume online 37.2.5.5. Forcing an offline rebuild of a VDO volume metadata 37.2.5.6. Removing an unsuccessfully created VDO volume 37.2.6. Optimizing the UDS index 37.2.6.1. Components of a VDO volume 37.2.6.2. The UDS index 37.2.6.3. Recommended UDS index configuration 37.2.7. Enabling or disabling deduplication in VDO 37.2.7.1. Deduplication in VDO 37.2.7.2. Enabling deduplication on a VDO volume 37.2.7.3. Disabling deduplication on a VDO volume 37.2.8. Enabling or disabling compression in VDO 37.2.8.1. Compression in VDO 37.2.8.2. Enabling compression on a VDO volume 37.2.8.3. Disabling compression on a VDO volume 37.2.9. Increasing the size of a VDO volume 37.2.9.1. The physical and logical size of a VDO volume 37.2.9.2. Thin provisioning in VDO 37.2.9.3. Increasing the logical size of a VDO volume 37.2.9.4. Increasing the physical size of a VDO volume 37.2.10. Removing VDO volumes 37.2.10.1.
Removing a working VDO volume 37.2.10.2. Removing an unsuccessfully created VDO volume 37.2.11. Additional resources 37.3. Discarding unused blocks 37.3.1. Block discard operations 37.3.2. Types of block discard operations 37.3.3. Performing batch block discard 37.3.4. Enabling online block discard 37.3.5. Enabling periodic block discard 37.4. Managing Virtual Data Optimizer volumes using the web console 37.4.1. VDO volumes in the web console 37.4.2. Creating VDO volumes in the web console 37.4.3. Formatting VDO volumes in the web console 37.4.4. Extending VDO volumes in the web console V. Design of log file 38. Auditing the system 38.1. Linux Audit 38.2. Audit system architecture 38.3. Configuring auditd for a secure environment 38.4. Starting and controlling auditd 38.5. Understanding Audit log files 38.6. Using auditctl for defining and executing Audit rules 38.7. Defining persistent Audit rules 38.8. Using pre-configured rules files 38.9. Using augenrules to define persistent rules 38.10. Disabling augenrules 38.11. Setting up Audit to monitor software updates 38.12. Monitoring user login times with Audit 38.13. Additional resources VI. Design of kernel 39. The Linux kernel 39.1. What the kernel is 39.2. RPM packages 39.3. The Linux kernel RPM package overview 39.4. Displaying contents of the kernel package 39.5. Updating the kernel 39.6. Installing specific kernel versions 40.
Configuring kernel command-line parameters 40.1. Understanding kernel command-line parameters 40.2. What grubby is 40.3. What boot entries are 40.4. Changing kernel command-line parameters for all boot entries 40.5. Changing kernel command-line parameters for a single boot entry 40.6. Changing kernel command-line parameters temporarily at boot time 40.7. Configuring GRUB settings to enable serial console connection 41. Configuring kernel parameters at runtime 41.1. What are kernel parameters 41.2. Configuring kernel parameters temporarily with sysctl 41.3. Configuring kernel parameters permanently with sysctl 41.4. Using configuration files in /etc/sysctl.d/ to adjust kernel parameters 41.5. Configuring kernel parameters temporarily through /proc/sys/ 42. Installing and configuring kdump 42.1. Installing kdump 42.1.1. What is kdump 42.1.2. Installing kdump using Anaconda 42.1.3. Installing kdump on the command line 42.2. Configuring kdump on the command line 42.2.1. Estimating the kdump size 42.2.2. Configuring kdump memory usage 42.2.3. Configuring the kdump target 42.2.4. Configuring the kdump core collector 42.2.5. Configuring the kdump default failure responses 42.2.6. Testing the kdump configuration 42.3. Enabling kdump 42.3.1. Enabling kdump for all installed kernels 42.3.2.
Enabling kdump for a specific installed kernel 42.3.3. Disabling the kdump service 42.4. Configuring kdump in the web console 42.4.1. Configuring kdump memory usage and target location in web console 42.4.2. Additional resources 42.5. Supported kdump configurations and targets 42.5.1. Memory requirements for kdump 42.5.2. Minimum threshold for automatic memory reservation 42.5.3. Supported kdump targets 42.5.4. Supported kdump filtering levels 42.5.5. Supported default failure responses 42.5.6. Using final_action parameter 42.6. Testing the kdump configuration 42.7. Using kexec to boot into a different kernel 42.8. Preventing kernel drivers from loading for kdump 42.9. Running kdump on systems with encrypted disk 42.10. Firmware assisted dump mechanisms 42.10.1. Firmware assisted dump on IBM PowerPC hardware 42.10.2. Enabling firmware assisted dump mechanism 42.10.3. Firmware assisted dump mechanisms on IBM Z hardware 42.10.4. Using sadump on Fujitsu PRIMEQUEST systems 42.11. Analyzing a core dump 42.11.1. Installing the crash utility 42.11.2. Running and exiting the crash utility 42.11.3. Displaying various indicators in the crash utility 42.11.4. Using Kernel Oops Analyzer 42.11.5. The Kdump Helper tool 42.12. Using early kdump to capture boot time crashes 42.12.1. What is early kdump 42.12.2. Enabling early kdump 42.13. Related information 43.
Applying patches with kernel live patching Expand section "43. Applying patches with kernel live patching" Collapse section "43. Applying patches with kernel live patching" 43.1. Limitations of kpatch 43.2. Support for third-party live patching 43.3. Access to kernel live patches 43.4. Components of kernel live patching 43.5. How kernel live patching works 43.6. Subscribing the currently installed kernels to the live patching stream 43.7. Automatically subscribing any future kernel to the live patching stream 43.8. Disabling automatic subscription to the live patching stream 43.9. Updating kernel patch modules 43.10. Removing the live patching package 43.11. Uninstalling the kernel patch module 43.12. Disabling kpatch.service 44. Setting limits for applications Expand section "44. Setting limits for applications" Collapse section "44. Setting limits for applications" 44.1. Understanding control groups 44.2. What are kernel resource controllers 44.3. What are namespaces 44.4. Setting CPU limits to applications using cgroups-v1 45. Analyzing system performance with BPF Compiler Collection Expand section "45. Analyzing system performance with BPF Compiler Collection" Collapse section "45. Analyzing system performance with BPF Compiler Collection" 45.1. Installing the bcc-tools package 45.2. Using selected bcc-tools for performance analyses VII. Design of high availability system Expand section "VII. Design of high availability system" Collapse section "VII. Design of high availability system" 46. High Availability Add-On overview Expand section "46. High Availability Add-On overview" Collapse section "46. High Availability Add-On overview" 46.1. High Availability Add-On components 46.2. High Availability Add-On concepts Expand section "46.2. High Availability Add-On concepts" Collapse section "46.2. High Availability Add-On concepts" 46.2.1. Fencing 46.2.2. Quorum 46.2.3. Cluster resources 46.3. Pacemaker overview Expand section "46.3. 
Pacemaker overview" Collapse section "46.3. Pacemaker overview" 46.3.1. Pacemaker architecture components 46.3.2. Pacemaker configuration and management tools 46.3.3. The cluster and pacemaker configuration files 46.4. LVM logical volumes in a Red Hat high availability cluster Expand section "46.4. LVM logical volumes in a Red Hat high availability cluster" Collapse section "46.4. LVM logical volumes in a Red Hat high availability cluster" 46.4.1. Choosing HA-LVM or shared volumes 46.4.2. Configuring LVM volumes in a cluster 47. Getting started with Pacemaker Expand section "47. Getting started with Pacemaker" Collapse section "47. Getting started with Pacemaker" 47.1. Learning to use Pacemaker 47.2. Learning to configure failover 48. The pcs command line interface Expand section "48. The pcs command line interface" Collapse section "48. The pcs command line interface" 48.1. pcs help display 48.2. Viewing the raw cluster configuration 48.3. Saving a configuration change to a working file 48.4. Displaying cluster status 48.5. Displaying the full cluster configuration 48.6. Modifying the corosync.conf file with the pcs command 48.7. Displaying the corosync.conf file with the pcs command 49. Creating a Red Hat High-Availability cluster with Pacemaker Expand section "49. Creating a Red Hat High-Availability cluster with Pacemaker" Collapse section "49. Creating a Red Hat High-Availability cluster with Pacemaker" 49.1. Installing cluster software 49.2. Installing the pcp-zeroconf package (recommended) 49.3. Creating a high availability cluster 49.4. Creating a high availability cluster with multiple links 49.5. Configuring fencing 49.6. Backing up and restoring a cluster configuration 49.7. Enabling ports for the High Availability Add-On 50. Configuring an active/passive Apache HTTP server in a Red Hat High Availability cluster Expand section "50. Configuring an active/passive Apache HTTP server in a Red Hat High Availability cluster" Collapse section "50. 
Configuring an active/passive Apache HTTP server in a Red Hat High Availability cluster" 50.1. Configuring an LVM volume with an XFS file system in a Pacemaker cluster 50.2. Ensuring a volume group is not activated on multiple cluster nodes (RHEL 8.4 and earlier) 50.3. Configuring an Apache HTTP Server 50.4. Creating the resources and resource groups 50.5. Testing the resource configuration 51. Configuring an active/passive NFS server in a Red Hat High Availability cluster Expand section "51. Configuring an active/passive NFS server in a Red Hat High Availability cluster" Collapse section "51. Configuring an active/passive NFS server in a Red Hat High Availability cluster" 51.1. Configuring an LVM volume with an XFS file system in a Pacemaker cluster 51.2. Ensuring a volume group is not activated on multiple cluster nodes (RHEL 8.4 and earlier) 51.3. Configuring an NFS share 51.4. Configuring the resources and resource group for an NFS server in a cluster 51.5. Testing the NFS resource configuration Expand section "51.5. Testing the NFS resource configuration" Collapse section "51.5. Testing the NFS resource configuration" 51.5.1. Testing the NFS export 51.5.2. Testing for failover 52. GFS2 file systems in a cluster Expand section "52. GFS2 file systems in a cluster" Collapse section "52. GFS2 file systems in a cluster" 52.1. Configuring a GFS2 file system in a cluster 52.2. Configuring an encrypted GFS2 file system in a cluster Expand section "52.2. Configuring an encrypted GFS2 file system in a cluster" Collapse section "52.2. Configuring an encrypted GFS2 file system in a cluster" 52.2.1. Configure a shared logical volume in a Pacemaker cluster 52.2.2. Encrypt the logical volume and create a crypt resource 52.2.3. Format the encrypted logical volume with a GFS2 file system and create a file system resource for the cluster 52.3. Migrating a GFS2 file system from RHEL7 to RHEL8 53. Configuring fencing in a Red Hat High Availability cluster Expand section "53. 
Configuring fencing in a Red Hat High Availability cluster" Collapse section "53. Configuring fencing in a Red Hat High Availability cluster" 53.1. Displaying available fence agents and their options 53.2. Creating a fence device 53.3. General properties of fencing devices 53.4. Testing a fence device 53.5. Configuring fencing levels 53.6. Configuring fencing for redundant power supplies 53.7. Displaying configured fence devices 53.8. Exporting fence devices as pcs commands 53.9. Modifying and deleting fence devices 53.10. Manually fencing a cluster node 53.11. Disabling a fence device 53.12. Preventing a node from using a fencing device 53.13. Configuring ACPI for use with integrated fence devices Expand section "53.13. Configuring ACPI for use with integrated fence devices" Collapse section "53.13. Configuring ACPI for use with integrated fence devices" 53.13.1. Disabling ACPI Soft-Off with the BIOS 53.13.2. Disabling ACPI Soft-Off in the logind.conf file 53.13.3. Disabling ACPI completely in the GRUB 2 file 54. Configuring cluster resources Expand section "54. Configuring cluster resources" Collapse section "54. Configuring cluster resources" 54.1. Resource agent identifiers 54.2. Displaying resource-specific parameters 54.3. Configuring resource meta options Expand section "54.3. Configuring resource meta options" Collapse section "54.3. Configuring resource meta options" 54.3.1. Changing the default value of a resource option 54.3.2. Changing the default value of a resource option for sets of resources 54.3.3. Displaying currently configured resource defaults 54.3.4. Setting meta options on resource creation 54.4. Configuring resource groups Expand section "54.4. Configuring resource groups" Collapse section "54.4. Configuring resource groups" 54.4.1. Creating a resource group 54.4.2. Removing a resource group 54.4.3. Displaying resource groups 54.4.4. Group options 54.4.5. Group stickiness 54.5. Determining resource behavior 55. 
Determining which nodes a resource can run on Expand section "55. Determining which nodes a resource can run on" Collapse section "55. Determining which nodes a resource can run on" 55.1. Configuring location constraints 55.2. Limiting resource discovery to a subset of nodes 55.3. Configuring a location constraint strategy Expand section "55.3. Configuring a location constraint strategy" Collapse section "55.3. Configuring a location constraint strategy" 55.3.1. Configuring an "Opt-In" cluster 55.3.2. Configuring an "Opt-Out" cluster 55.4. Configuring a resource to prefer its current node 56. Determining the order in which cluster resources are run Expand section "56. Determining the order in which cluster resources are run" Collapse section "56. Determining the order in which cluster resources are run" 56.1. Configuring mandatory ordering 56.2. Configuring advisory ordering 56.3. Configuring ordered resource sets 56.4. Configuring startup order for resource dependencies not managed by Pacemaker 57. Colocating cluster resources Expand section "57. Colocating cluster resources" Collapse section "57. Colocating cluster resources" 57.1. Specifying mandatory placement of resources 57.2. Specifying advisory placement of resources 57.3. Colocating sets of resources 58. Displaying resource constraints and resource dependencies 59. Determining resource location with rules Expand section "59. Determining resource location with rules" Collapse section "59. Determining resource location with rules" 59.1. Pacemaker rules Expand section "59.1. Pacemaker rules" Collapse section "59.1. Pacemaker rules" 59.1.1. Node attribute expressions 59.1.2. Time/date based expressions 59.1.3. Date specifications 59.2. Configuring a pacemaker location constraint using rules 60. Managing cluster resources Expand section "60. Managing cluster resources" Collapse section "60. Managing cluster resources" 60.1. Displaying configured resources 60.2. Exporting cluster resources as pcs commands 60.3. 
Modifying resource parameters 60.4. Clearing failure status of cluster resources 60.5. Moving resources in a cluster Expand section "60.5. Moving resources in a cluster" Collapse section "60.5. Moving resources in a cluster" 60.5.1. Moving resources due to failure 60.5.2. Moving resources due to connectivity changes 60.6. Disabling a monitor operation 60.7. Configuring and managing cluster resource tags Expand section "60.7. Configuring and managing cluster resource tags" Collapse section "60.7. Configuring and managing cluster resource tags" 60.7.1. Tagging cluster resources for administration by category 60.7.2. Deleting a tagged cluster resource 61. Creating cluster resources that are active on multiple nodes (cloned resources) Expand section "61. Creating cluster resources that are active on multiple nodes (cloned resources)" Collapse section "61. Creating cluster resources that are active on multiple nodes (cloned resources)" 61.1. Creating and removing a cloned resource 61.2. Configuring clone resource constraints 61.3. Promotable clone resources Expand section "61.3. Promotable clone resources" Collapse section "61.3. Promotable clone resources" 61.3.1. Creating a promotable clone resource 61.3.2. Configuring promotable resource constraints 61.4. Demoting a promoted resource on failure 62. Managing cluster nodes Expand section "62. Managing cluster nodes" Collapse section "62. Managing cluster nodes" 62.1. Stopping cluster services 62.2. Enabling and disabling cluster services 62.3. Adding cluster nodes 62.4. Removing cluster nodes 62.5. Adding a node to a cluster with multiple links 62.6. Adding and modifying links in an existing cluster Expand section "62.6. Adding and modifying links in an existing cluster" Collapse section "62.6. Adding and modifying links in an existing cluster" 62.6.1. Adding and removing links in an existing cluster 62.6.2. Modifying a link in a cluster with multiple links 62.6.3. 
Modifying the link addresses in a cluster with a single link 62.6.4. Modifying the link options for a link in a cluster with a single link 62.6.5. Modifying a link when adding a new link is not possible 62.7. Configuring a node health strategy 62.8. Configuring a large cluster with many resources 63. Pacemaker cluster properties Expand section "63. Pacemaker cluster properties" Collapse section "63. Pacemaker cluster properties" 63.1. Summary of cluster properties and options 63.2. Setting and removing cluster properties 63.3. Querying cluster property settings 64. Configuring a virtual domain as a resource Expand section "64. Configuring a virtual domain as a resource" Collapse section "64. Configuring a virtual domain as a resource" 64.1. Virtual domain resource options 64.2. Creating the virtual domain resource 65. Configuring cluster quorum Expand section "65. Configuring cluster quorum" Collapse section "65. Configuring cluster quorum" 65.1. Configuring quorum options 65.2. Modifying quorum options 65.3. Displaying quorum configuration and status 65.4. Running inquorate clusters 66. Integrating non-corosync nodes into a cluster: the pacemaker_remote service Expand section "66. Integrating non-corosync nodes into a cluster: the pacemaker_remote service" Collapse section "66. Integrating non-corosync nodes into a cluster: the pacemaker_remote service" 66.1. Host and guest authentication of pacemaker_remote nodes 66.2. Configuring KVM guest nodes Expand section "66.2. Configuring KVM guest nodes" Collapse section "66.2. Configuring KVM guest nodes" 66.2.1. Guest node resource options 66.2.2. Integrating a virtual machine as a guest node 66.3. Configuring Pacemaker remote nodes Expand section "66.3. Configuring Pacemaker remote nodes" Collapse section "66.3. Configuring Pacemaker remote nodes" 66.3.1. Remote node resource options 66.3.2. Remote node configuration overview 66.4. Changing the default port location 66.5. 
Upgrading systems with pacemaker_remote nodes 67. Performing cluster maintenance Expand section "67. Performing cluster maintenance" Collapse section "67. Performing cluster maintenance" 67.1. Putting a node into standby mode 67.2. Manually moving cluster resources Expand section "67.2. Manually moving cluster resources" Collapse section "67.2. Manually moving cluster resources" 67.2.1. Moving a resource from its current node 67.2.2. Moving a resource to its preferred node 67.3. Disabling, enabling, and banning cluster resources 67.4. Setting a resource to unmanaged mode 67.5. Putting a cluster in maintenance mode 67.6. Updating a RHEL high availability cluster 67.7. Upgrading remote nodes and guest nodes 67.8. Migrating VMs in a RHEL cluster 67.9. Identifying clusters by UUID 68. Configuring and managing logical volumes Expand section "68. Configuring and managing logical volumes" Collapse section "68. Configuring and managing logical volumes" 68.1. Overview of logical volume management Expand section "68.1. Overview of logical volume management" Collapse section "68.1. Overview of logical volume management" 68.1.1. LVM architecture 68.1.2. Advantages of LVM 68.2. Managing LVM physical volumes Expand section "68.2. Managing LVM physical volumes" Collapse section "68.2. Managing LVM physical volumes" 68.2.1. Overview of physical volumes 68.2.2. Multiple partitions on a disk 68.2.3. Creating LVM physical volume 68.2.4. Removing LVM physical volumes 68.2.5. Additional resources 68.3. Managing LVM volume groups Expand section "68.3. Managing LVM volume groups" Collapse section "68.3. Managing LVM volume groups" 68.3.1. Creating LVM volume group 68.3.2. Combining LVM volume groups 68.3.3. Removing physical volumes from a volume group 68.3.4. Splitting a LVM volume group 68.3.5. Moving a volume group to another system 68.3.6. Removing LVM volume groups 68.4. Managing LVM logical volumes Expand section "68.4. Managing LVM logical volumes" Collapse section "68.4. 
Managing LVM logical volumes" 68.4.1. Overview of logical volumes 68.4.2. Using CLI commands 68.4.3. Creating LVM logical volume 68.4.4. Creating a RAID0 striped logical volume 68.4.5. Renaming LVM logical volumes 68.4.6. Removing a disk from a logical volume 68.4.7. Removing LVM logical volumes 68.4.8. Configuring persistent device numbers 68.4.9. Specifying LVM extent size 68.4.10. Managing LVM logical volumes using RHEL System Roles Expand section "68.4.10. Managing LVM logical volumes using RHEL System Roles" Collapse section "68.4.10. Managing LVM logical volumes using RHEL System Roles" 68.4.10.1. Example Ansible playbook to manage logical volumes 68.4.10.2. Additional resources 68.4.11. Removing LVM volume groups 68.5. Modifying the size of a logical volume Expand section "68.5. Modifying the size of a logical volume" Collapse section "68.5. Modifying the size of a logical volume" 68.5.1. Growing a logical volume and file system 68.5.2. Shrinking logical volumes 68.5.3. Extending a striped logical volume 68.6. Customized reporting for LVM Expand section "68.6. Customized reporting for LVM" Collapse section "68.6. Customized reporting for LVM" 68.6.1. Controlling the format of the LVM display 68.6.2. LVM object display fields 68.6.3. Sorting LVM reports 68.6.4. Specifying the units for an LVM report display 68.6.5. Displaying LVM command output in JSON format 68.6.6. Displaying the LVM command log 68.7. Configuring RAID logical volumes Expand section "68.7. Configuring RAID logical volumes" Collapse section "68.7. Configuring RAID logical volumes" 68.7.1. RAID logical volumes 68.7.2. RAID levels and linear support 68.7.3. LVM RAID segment types 68.7.4. Creating RAID logical volumes 68.7.5. Creating a RAID0 striped logical volume 68.7.6. Parameters for creating a RAID0 68.7.7. Soft data corruption 68.7.8. Creating a RAID LV with DM integrity 68.7.9. Minimum and maximum I/O rate options 68.7.10. Converting a Linear device to a RAID logical volume 68.7.11. 
Converting an LVM RAID1 logical volume to an LVM linear logical volume 68.7.12. Converting a mirrored LVM device to a RAID1 logical volume 68.7.13. Resizing a RAID logical volume 68.7.14. Changing the number of images in an existing RAID1 device 68.7.15. Splitting off a RAID image as a separate logical volume 68.7.16. Splitting and Merging a RAID Image 68.7.17. Setting a RAID fault policy Expand section "68.7.17. Setting a RAID fault policy" Collapse section "68.7.17. Setting a RAID fault policy" 68.7.17.1. The allocate RAID Fault Policy 68.7.17.2. The warn RAID Fault Policy 68.7.18. Replacing a RAID device in a logical volume Expand section "68.7.18. Replacing a RAID device in a logical volume" Collapse section "68.7.18. Replacing a RAID device in a logical volume" 68.7.18.1. Replacing a RAID device that has not failed 68.7.18.2. Failed devices in LVM RAID 68.7.18.3. Recovering a failed RAID device in a logical volume 68.7.18.4. Replacing a failed RAID device in a logical volume 68.7.19. Checking data coherency in a RAID logical volume (RAID scrubbing) 68.7.20. Converting a RAID level (RAID takeover) 68.7.21. Changing attributes of a RAID volume (RAID reshape) 68.7.22. Controlling I/O Operations on a RAID1 logical volume 68.7.23. Changing the region size on a RAID logical volume 68.8. Snapshot of logical volumes Expand section "68.8. Snapshot of logical volumes" Collapse section "68.8. Snapshot of logical volumes" 68.8.1. Overview of snapshot volumes 68.8.2. Creating a snapshot of the original volume 68.8.3. Merging snapshot to its original volume 68.9. Creating and managing thin provisioned volumes (thin volumes) Expand section "68.9. Creating and managing thin provisioned volumes (thin volumes)" Collapse section "68.9. Creating and managing thin provisioned volumes (thin volumes)" 68.9.1. Overview of thin provisioning 68.9.2. Creating thinly-provisioned logical volumes 68.9.3. Overview of chunk size 68.9.4. Thinly-provisioned snapshot volumes 68.9.5. 
Creating thinly-provisioned snapshot volumes 68.10. Enabling caching to improve logical volume performance Expand section "68.10. Enabling caching to improve logical volume performance" Collapse section "68.10. Enabling caching to improve logical volume performance" 68.10.1. Caching methods in LVM 68.10.2. LVM caching components 68.10.3. Enabling dm-cache caching for a logical volume 68.10.4. Enabling dm-cache caching with a cachepool for a logical volume 68.10.5. Enabling dm-writecache caching for a logical volume 68.10.6. Disabling caching for a logical volume 68.11. Logical volume activation Expand section "68.11. Logical volume activation" Collapse section "68.11. Logical volume activation" 68.11.1. Controlling autoactivation of logical volumes 68.11.2. Controlling logical volume activation 68.11.3. Activating shared logical volumes 68.11.4. Activating a logical volume with missing devices 68.12. Limiting LVM device visibility and usage Expand section "68.12. Limiting LVM device visibility and usage" Collapse section "68.12. Limiting LVM device visibility and usage" 68.12.1. The LVM device filter Expand section "68.12.1. The LVM device filter" Collapse section "68.12.1. The LVM device filter" 68.12.1.1. Additional resources 68.12.1.2. Examples of LVM device filter configurations 68.13. Controlling LVM allocation Expand section "68.13. Controlling LVM allocation" Collapse section "68.13. Controlling LVM allocation" 68.13.1. LVM allocation policies 68.13.2. Preventing allocation on a physical volume 68.13.3. Extending a logical volume with the cling allocation policy 68.13.4. Differentiating between LVM RAID objects using tags 68.14. Troubleshooting LVM Expand section "68.14. Troubleshooting LVM" Collapse section "68.14. Troubleshooting LVM" 68.14.1. Gathering diagnostic data on LVM 68.14.2. Displaying information on failed LVM devices 68.14.3. Removing lost LVM physical volumes from a volume group 68.14.4. 
Finding the metadata of a missing LVM physical volume 68.14.5. Restoring metadata on an LVM physical volume 68.14.6. Rounding errors in LVM output 68.14.7. Preventing the rounding error when creating an LVM volume 68.14.8. Troubleshooting LVM RAID Expand section "68.14.8. Troubleshooting LVM RAID" Collapse section "68.14.8. Troubleshooting LVM RAID" 68.14.8.1. Checking data coherency in a RAID logical volume (RAID scrubbing) 68.14.8.2. Failed devices in LVM RAID 68.14.8.3. Recovering a failed RAID device in a logical volume 68.14.8.4. Replacing a failed RAID device in a logical volume 68.14.9. Troubleshooting duplicate physical volume warnings for multipathed LVM devices Expand section "68.14.9. Troubleshooting duplicate physical volume warnings for multipathed LVM devices" Collapse section "68.14.9. Troubleshooting duplicate physical volume warnings for multipathed LVM devices" 68.14.9.1. Root cause of duplicate PV warnings 68.14.9.2. Cases of duplicate PV warnings 68.14.9.3. Example LVM device filters that prevent duplicate PV warnings 68.14.9.4. Applying an LVM device filter configuration 68.14.9.5. Additional resources Legal Notice Settings Close Language: 한국어 日本語 English Español Português Language: 한국어 日本語 English Español Português Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: 한국어 日本語 English Español Português Language: 한국어 日本語 English Español Português Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Red Hat Training A Red Hat training course is available for RHEL 8 Part II. Design of security Previous Next