Skip to navigation
Skip to main content
Search
Content extracted on:
2026-04-09
Home
Product Documentation
Red Hat Enterprise Linux
8
System Design Guide
Part IV. Design of hard disk
System Design Guide
Providing feedback on Red Hat documentation
I. Design of installation
1. System requirements and supported architectures
1.1. Supported installation targets
1.2. System specifications
1.3. Disk and memory requirements
1.4. Graphics display resolution requirements
1.5. UEFI Secure Boot and Beta release requirements
2. Customizing the installation media
3. Creating a bootable installation medium for RHEL
3.1. Installation boot media options
3.2. Creating a bootable DVD
3.3. Creating a bootable USB device on Linux
3.4. Creating a bootable USB device on Windows
3.5. Creating a bootable USB device on macOS
4. Booting the installation media
5. Optional: Customizing boot options
5.1. Boot options
5.2. Editing the boot: prompt in BIOS
5.3. Editing predefined boot options using the > prompt
5.4. Editing boot options for the UEFI-based systems
5.5. Updating drivers during installation
5.5.1. Overview
5.5.2. Types of driver update
5.5.3. Preparing a driver update
5.5.4. Performing an automatic driver update
5.5.5. Performing an assisted driver update
5.5.6. Performing a manual driver update
5.5.7. Disabling a driver
6. Customizing the system in the installer
6.1. Setting the installer language
6.2. Configuring the storage devices
6.2.1. Configuring installation destination
6.2.2. Special cases during installation destination configuration
6.2.3. Configuring boot loader
6.2.4. Storage device selection
6.2.5. Filtering storage devices
6.2.6. Using advanced storage options
6.2.6.1. Discovering and starting an iSCSI session
6.2.6.2. Configuring FCoE parameters
6.2.6.3. Configuring DASD storage devices
6.2.6.4. Configuring FCP devices
6.2.7. Installing to an NVDIMM device
6.2.7.1. Criteria for using an NVDIMM device as an installation target
6.2.7.2. Configuring an NVDIMM device using the graphical installation mode
6.3. Configuring the root user and creating local accounts
6.3.1. Configuring a root password
6.3.2. Creating a user account
6.3.3. Editing advanced user settings
6.4. Configuring manual partitioning
6.4.1. Recommended partitioning scheme
6.4.2. Supported hardware storage
6.4.3. Starting manual partitioning
6.4.4. Supported file systems
6.4.5. Adding a mount point file system
6.4.6. Configuring storage for a mount point file system
6.4.7. Customizing a mount point file system
6.4.8. Preserving the /home directory
6.4.9. Creating a software RAID during the installation
6.4.10. Creating an LVM logical volume
6.4.11. Configuring an LVM logical volume
6.4.12. Advice on partitions
6.5. Selecting the base environment and additional software
6.6. Optional: Configuring the network and host name
6.6.1. Adding a virtual network interface
6.6.2. Editing network interface configuration
6.6.3. Enabling or Disabling the Interface Connection
6.6.4. Setting up Static IPv4 or IPv6 Settings
6.6.5. Configuring Routes
6.7. Optional: Configuring the keyboard layout
6.8. Optional: Configuring the language support
6.9. Optional: Configuring the date and time-related settings
6.10. Optional: Subscribing the system and activating Red Hat Insights
6.11. Optional: Using network-based repositories for the installation
6.12. Optional: Configuring Kdump kernel crash-dumping mechanism
6.13. Optional: Selecting a security profile
6.13.1. About security policy
6.13.2. Configuring a security profile
6.13.3. Profiles not compatible with Server with GUI
6.13.4. Deploying baseline-compliant RHEL systems using Kickstart
6.13.5. Additional resources
7. Changing a subscription service
7.1. Unregistering from Subscription Management Server
7.1.1. Unregistering using command line
7.1.2. Unregistering using Subscription Manager user interface
7.2. Unregistering from Satellite Server
8. Preparing a system with UEFI Secure Boot enabled to install and boot RHEL beta releases
8.1. UEFI Secure Boot and RHEL Beta releases
8.2. Adding a Beta public key for UEFI Secure Boot
8.3. Removing a Beta public key
A. Boot options reference
A.1. Installation source boot options
A.2. Network boot options
A.3. Console boot options
A.4. Debug boot options
A.5. Storage boot options
A.6. Deprecated boot options
A.7. Removed boot options
9. Composing a customized RHEL system image
9.1. RHEL image builder description
9.1.1. RHEL image builder terminology
9.1.2. RHEL image builder output formats
9.1.3. Supported architectures for image builds
9.1.4. Additional resources
9.2. Installing RHEL image builder
9.2.1. RHEL image builder system requirements
9.2.2. Installing RHEL image builder
9.2.3. Reverting to lorax-composer RHEL image builder backend
9.3. Creating system images by using RHEL image builder CLI
9.3.1. Introducing the RHEL image builder command-line interface
9.3.2. Using RHEL image builder as a non-root user
9.3.3. Creating a blueprint by using the command line
9.3.4. Editing a blueprint by using the command line
9.3.5. Creating a system image with RHEL image builder on the command line
9.3.6. Basic RHEL image builder command-line commands
9.3.7. RHEL image builder blueprint format
9.3.8. Supported image customizations
9.3.8.1. Selecting a distribution
9.3.8.2. Selecting a package group
9.3.8.3. Embedding a container
9.3.8.4. Setting the image hostname
9.3.8.5. Specifying additional users
9.3.8.6. Specifying additional groups
9.3.8.7. Setting SSH key for existing users
9.3.8.8. Appending a kernel argument
9.3.8.9. Building RHEL images by using the real-time kernel
9.3.8.10. Setting time zone and NTP
9.3.8.11. Customizing the locale settings
9.3.8.12. Customizing firewall
9.3.8.13. Enabling or disabling services
9.3.8.14. Injecting a Kickstart file in an ISO image
9.3.8.15. Specifying a partition mode
9.3.8.16. Specifying a custom file system configuration
9.3.8.16.1. Specifying customized files in the blueprint
9.3.8.16.2. Specifying customized directories in the blueprint
9.3.8.17. Specify volume groups and logical volumes naming in the blueprint
9.3.9. Packages installed by RHEL image builder
9.3.10. Enabled services on custom images
9.4. Creating system images by using RHEL image builder web console interface
9.4.1. Accessing the RHEL image builder dashboard in the RHEL web console
9.4.2. Creating a blueprint in the web console interface
9.4.3. Importing a blueprint in the RHEL image builder web console interface
9.4.4. Exporting a blueprint from the RHEL image builder web console interface
9.4.5. Creating a system image by using RHEL image builder in the web console interface
9.5. Preparing and uploading cloud images by using RHEL image builder
9.5.1. Preparing and uploading AMI images to AWS
9.5.1.1. Preparing to manually upload AWS AMI images
9.5.1.2. Manually uploading an AMI image to AWS by using the CLI
9.5.1.3. Creating and automatically uploading images to the AWS Cloud AMI
9.5.2. Preparing and uploading VHD images to Microsoft Azure
9.5.2.1. Preparing to manually upload Microsoft Azure VHD images
9.5.2.2. Manually uploading VHD images to Microsoft Azure cloud
9.5.2.3. Creating and automatically uploading VHD images to Microsoft Azure cloud
9.5.2.4. Uploading VMDK images and creating a RHEL virtual machine in vSphere
9.5.2.5. Creating and automatically uploading VMDK images to vSphere using image builder GUI
9.5.3. Preparing and uploading custom GCE images to GCP
9.5.3.1. Uploading images to GCP with RHEL image builder
9.5.3.1.1. Configuring and uploading a gce image to GCP by using the CLI
9.5.3.1.2. How RHEL image builder sorts the authentication order of different GCP credentials
9.5.3.1.2.1. Specifying GCP credentials with the composer-cli command
9.5.3.1.2.2. Specifying credentials in the osbuild-composer worker configuration
9.5.4. Preparing and uploading custom images directly to OCI
9.5.4.1. Creating and automatically uploading custom images to OCI
9.5.5. Preparing and uploading customized QCOW2 images directly to OpenStack
9.5.5.1. Uploading QCOW2 images to OpenStack
9.5.6. Preparing and uploading customized RHEL images to the Alibaba Cloud
9.5.6.1. Preparing to upload customized RHEL images to Alibaba Cloud
9.5.6.2. Uploading customized RHEL images to Alibaba
9.5.6.3. Importing images to Alibaba Cloud
9.5.6.4. Creating an instance of a customized RHEL image using Alibaba Cloud
10. Performing an automated installation using Kickstart
10.1. Automated installation workflow
10.2. Creating Kickstart files
10.2.1. Creating a Kickstart file with the Kickstart configuration tool
10.2.2. Creating a Kickstart file by performing a manual installation
10.2.3. Converting a Kickstart file from previous RHEL installation
10.2.4. Creating a custom image using Image Builder
10.3. Adding the Kickstart file to a UEFI HTTP or PXE installation source
10.3.1. Ports for network-based installation
10.3.2. Sharing the installation files on an NFS server
10.3.3. Sharing the installation files on an HTTP or HTTPS server
10.3.4. Sharing the installation files on an FTP server
10.4. Semi-automated installations: Making Kickstart files available to the RHEL installer
10.4.1. Sharing the installation files on a local volume
10.4.2. Sharing the installation files on a local volume for automatic loading
10.5. Starting Kickstart installations
10.5.1. Starting a Kickstart installation automatically using PXE
10.5.2. Starting a Kickstart installation automatically using a local volume
10.5.3. Booting the installation on IBM Z to install RHEL in an LPAR
10.5.3.1. Booting the RHEL installation from an SFTP, FTPS, or FTP server to install in an IBM Z LPAR
10.5.3.2. Booting the RHEL installation from a prepared DASD to install in an IBM Z LPAR
10.5.3.3. Booting the RHEL installation from an FCP-attached SCSI disk to install in an IBM Z LPAR
10.5.3.4. Booting the RHEL installation from an FCP-attached SCSI DVD drive to install in an IBM Z LPAR
10.5.4. Booting the installation on IBM Z to install RHEL in z/VM
10.5.4.1. Booting the RHEL installation by using the z/VM Reader
10.5.4.2. Booting the RHEL installation by using a prepared DASD
10.5.4.3. Booting the RHEL installation by using a prepared FCP attached SCSI Disk
10.5.4.4. Booting the RHEL installation by using an FCP-attached SCSI DVD Drive
10.5.5. Consoles and logging during installation
11. Advanced configuration options
11.1. Configuring System Purpose
11.1.1. Overview
11.1.2. Configuring System Purpose in a Kickstart file
11.1.3. Additional resources
11.2. Preparing a UEFI HTTP installation source
11.2.1. Network install overview
11.2.2. Configuring the DHCPv4 server for network boot
11.2.3. Configuring the DHCPv6 server for network boot
11.2.4. Configuring the HTTP server for HTTP boot
12. Preparing a PXE installation source
12.1. Network install overview
12.2. Configuring the DHCPv4 server for network boot
12.3. Configuring the DHCPv6 server for network boot
12.4. Configuring a TFTP server for BIOS-based clients
12.5. Configuring a TFTP server for UEFI-based clients
12.6. Configuring a network server for IBM Power systems
13. Kickstart references
B. Kickstart script file format reference
B.1. Kickstart file format
B.2. Package selection in Kickstart
B.2.1. Package selection section
B.2.2. Package selection commands
B.2.3. Common package selection options
B.2.4. Options for specific package groups
B.3. Scripts in Kickstart file
B.3.1. %pre script
B.3.1.1. %pre script section options
B.3.2. %pre-install script
B.3.2.1. %pre-install script section options
B.3.3. %post script
B.3.3.1. %post script section options
B.3.3.2. Example: Mounting NFS in a post-install script
B.3.3.3. Example: Running subscription-manager as a post-install script
B.4. Anaconda configuration section
B.5. Kickstart error handling section
B.6. Kickstart add-on sections
C. Kickstart commands and options reference
C.1. Kickstart changes
C.1.1. Deprecated Kickstart commands and options
C.1.2. Removed Kickstart commands and options
C.2. Kickstart commands for installation program configuration and flow control
C.2.1. cdrom
C.2.2. cmdline
C.2.3. driverdisk
C.2.4. eula
C.2.5. firstboot
C.2.6. graphical
C.2.7. halt
C.2.8. harddrive
C.2.9. install (deprecated)
C.2.10. liveimg
C.2.11. logging
C.2.12. mediacheck
C.2.13. nfs
C.2.14. ostreesetup
C.2.15. poweroff
C.2.16. reboot
C.2.17. rhsm
C.2.18. shutdown
C.2.19. sshpw
C.2.20. text
C.2.21. url
C.2.22. vnc
C.2.23. hmc
C.2.24. %include
C.2.25. %ksappend
C.3. Kickstart commands for system configuration
C.3.1. auth or authconfig (deprecated)
C.3.2. authselect
C.3.3. firewall
C.3.4. group
C.3.5. keyboard (required)
C.3.6. lang (required)
C.3.7. module
C.3.8. repo
C.3.9. rootpw (required)
C.3.10. selinux
C.3.11. services
C.3.12. skipx
C.3.13. sshkey
C.3.14. syspurpose
C.3.15. timezone (required)
C.3.16. user
C.3.17. xconfig
C.4. Kickstart commands for network configuration
C.4.1. network (optional)
C.4.2. realm
C.5. Kickstart commands for handling storage
C.5.1. device (deprecated)
C.5.2. ignoredisk
C.5.3. clearpart
C.5.4. zerombr
C.5.5. bootloader
C.5.6. autopart
C.5.7. reqpart
C.5.8. part or partition
C.5.9. raid
C.5.10. volgroup
C.5.11. logvol
C.5.12. snapshot
C.5.13. mount
C.5.14. zipl
C.5.15. fcoe
C.5.16. iscsi
C.5.17. iscsiname
C.5.18. nvdimm
C.5.19. zfcp
C.6. Kickstart commands for addons supplied with the RHEL installation program
C.6.1. %addon com_redhat_kdump
C.6.2. %addon org_fedora_oscap
C.7. Commands used in Anaconda
C.7.1. pwpolicy
C.8. Kickstart commands for system recovery
C.8.1. rescue
II. Design of security
14. Securing RHEL during and right after installation
14.1. Disk partitioning
14.2. Restricting network connectivity during the installation process
14.3. Installing the minimum amount of packages required
14.4. Post-installation procedures
14.5. Disabling SMT to prevent CPU security issues by using the web console
15. Using system-wide cryptographic policies
15.1. System-wide cryptographic policies
15.2. Changing the system-wide cryptographic policy
15.3. Switching the system-wide cryptographic policy to mode compatible with earlier releases
15.4. Setting up system-wide cryptographic policies in the web console
15.5. Excluding an application from following system-wide cryptographic policies
15.5.1. Examples of opting out of the system-wide cryptographic policies
15.6. Customizing system-wide cryptographic policies with subpolicies
15.7. Disabling SHA-1 by customizing a system-wide cryptographic policy
15.8. Creating and setting a custom system-wide cryptographic policy
15.9. Enhancing security with the FUTURE cryptographic policy using the crypto_policies RHEL system role
15.10. Additional resources
16. Configuring applications to use cryptographic hardware through PKCS #11
16.1. Cryptographic hardware support through PKCS #11
16.2. Authenticating by SSH keys stored on a smart card
16.3. Configuring applications for authentication with certificates on smart cards
16.4. Using HSMs protecting private keys in Apache
16.5. Using HSMs protecting private keys in Nginx
16.6. Additional resources
17. Using shared system certificates
17.1. The system-wide truststore
17.2. Adding new certificates to the system-wide truststore
17.3. Trusted system certificates management with the trust command
18. Scanning the system for security compliance and vulnerabilities
18.1. Configuration compliance tools in RHEL
18.2. Red Hat Security Advisories OVAL feed
18.3. Vulnerability scanning
18.3.1. Red Hat Security Advisories OVAL feed
18.3.2. Scanning the system for vulnerabilities
18.3.3. Scanning remote systems for vulnerabilities
18.4. Configuration compliance scanning
18.4.1. Configuration compliance in RHEL
18.4.2. Possible results of an OpenSCAP scan
18.4.3. Viewing profiles for configuration compliance
18.4.4. Assessing configuration compliance with a specific baseline
18.5. Remediating the system to align with a specific baseline
18.6. Remediating the system to align with a specific baseline by using an SSG Ansible Playbook
18.7. Creating a remediation Ansible Playbook to align the system with a specific baseline
18.8. Creating a remediation Bash script for a later application
18.9. Scanning the system with a customized profile using SCAP Workbench
18.9.1. Using SCAP Workbench to scan and remediate the system
18.9.2. Customizing a security profile with SCAP Workbench
18.9.3. Additional resources
18.10. Scanning container and container images for vulnerabilities
18.11. Assessing security compliance of a container or a container image with a specific baseline
18.12. Checking integrity with AIDE
18.12.1. Installing AIDE
18.12.2. Performing integrity checks with AIDE
18.12.3. Updating an AIDE database
18.12.4. File-integrity tools: AIDE and IMA
18.12.5. Additional resources
18.13. Encrypting block devices using LUKS
18.13.1. LUKS disk encryption
18.13.2. LUKS versions in RHEL
18.13.3. Options for data protection during LUKS2 re-encryption
18.13.4. Encrypting existing data on a block device using LUKS2
18.13.5. Encrypting existing data on a block device using LUKS2 with a detached header
18.13.6. Encrypting a blank block device using LUKS2
18.13.7. Configuring the LUKS passphrase in the web console
18.13.8. Changing the LUKS passphrase in the web console
18.13.9. Changing the LUKS passphrase by using the command line
18.13.10. Creating a LUKS2 encrypted volume by using the storage RHEL system role
18.14. Configuring automated unlocking of encrypted volumes by using policy-based decryption
18.14.1. Network-bound disk encryption
18.14.2. Deploying a Tang server with SELinux in enforcing mode
18.14.3. Rotating Tang server keys and updating bindings on clients
18.14.4. Configuring automated unlocking by using a Tang key in the web console
18.14.5. Basic NBDE and TPM2 encryption-client operations
18.14.6. Configuring NBDE clients for automated unlocking of LUKS-encrypted volumes
18.14.7. Configuring NBDE clients with static IP configuration
18.14.8. Configuring manual enrollment of LUKS-encrypted volumes by using a TPM 2.0 policy
18.14.9. Removing a Clevis pin from a LUKS-encrypted volume manually
18.14.10. Configuring automated enrollment of LUKS-encrypted volumes by using Kickstart
18.14.11. Configuring automated unlocking of a LUKS-encrypted removable storage device
18.14.12. Deploying high-availability NBDE systems
18.14.13. Deployment of virtual machines in a NBDE network
18.14.14. Building automatically-enrollable VM images for cloud environments by using NBDE
18.14.15. Deploying Tang as a container
18.14.16. Configuring NBDE by using RHEL system roles
18.14.16.1. Using the nbde_server RHEL system role for setting up multiple Tang servers
18.14.16.2. Setting up Clevis clients with DHCP by using the nbde_client RHEL system role
18.14.16.3. Setting up static-IP Clevis clients by using the nbde_client RHEL system role
19. Using SELinux
19.1. Getting started with SELinux
19.1.1. Introduction to SELinux
19.1.2. Benefits of running SELinux
19.1.3. SELinux examples
19.1.4. SELinux architecture and packages
19.1.5. SELinux states and modes
19.2. Changing SELinux states and modes
19.2.1. Permanent changes in SELinux states and modes
19.2.2. Changing SELinux to permissive mode
19.2.3. Changing SELinux to enforcing mode
19.2.4. Enabling SELinux on systems that previously had it disabled
19.2.5. Disabling SELinux
19.2.6. Changing SELinux modes at boot time
19.3. Troubleshooting problems related to SELinux
19.3.1. Identifying SELinux denials
19.3.2. Analyzing SELinux denial messages
19.3.3. Fixing analyzed SELinux denials
19.3.4. Creating a local SELinux policy module
19.3.5. SELinux denials in the Audit log
19.3.6. Additional resources
III. Design of network
20. Configuring ip networking with ifcfg files
20.1. Configuring an interface with static network settings using ifcfg files
20.2. Configuring an interface with dynamic network settings using ifcfg files
20.3. Managing system-wide and private connection profiles with ifcfg files
21. Getting started with IPVLAN
21.1. IPVLAN modes
21.2. Comparison of IPVLAN and MACVLAN
21.3. Creating and configuring the IPVLAN device using iproute2
22. Reusing the same IP address on different interfaces
22.1. Permanently reusing the same IP address on different interfaces
22.2. Temporarily reusing the same IP address on different interfaces
22.3. Additional resources
23. Securing networks
23.1. Using secure communications between two systems with OpenSSH
23.1.1. Generating SSH key pairs
23.1.2. Setting key-based authentication as the only method on an OpenSSH server
23.1.3. Caching your SSH credentials by using ssh-agent
23.1.4. Authenticating by SSH keys stored on a smart card
23.1.5. Additional resources
23.2. Planning and implementing TLS
23.2.1. SSL and TLS protocols
23.2.2. Security considerations for TLS in RHEL 8
23.2.2.1. Protocols
23.2.2.2. Cipher suites
23.2.2.3. Public key length
23.2.3. Hardening TLS configuration in applications
23.2.3.1. Configuring the Apache HTTP server to use TLS
23.2.3.2. Configuring the Nginx HTTP and proxy server to use TLS
23.2.3.3. Configuring the Dovecot mail server to use TLS
23.3. Setting up an IPsec VPN
23.3.1. Libreswan as an IPsec VPN implementation
23.3.2. Authentication methods in Libreswan
23.3.3. Installing Libreswan
23.3.4. Creating a host-to-host VPN
23.3.5. Configuring a site-to-site VPN
23.3.6. Configuring a remote access VPN
23.3.7. Configuring a mesh VPN
23.3.8. Deploying a FIPS-compliant IPsec VPN
23.3.9. Protecting the IPsec NSS database by a password
23.3.10. Configuring an IPsec VPN to use TCP
23.3.11. Configuring automatic detection and usage of ESP hardware offload to accelerate an IPsec connection
23.3.12. Configuring ESP hardware offload on a bond to accelerate an IPsec connection
23.3.13. Configuring VPN connections by using RHEL system roles
23.3.13.1. Creating a host-to-host IPsec VPN with PSK authentication by using the vpn RHEL system role
23.3.13.2. Creating a host-to-host IPsec VPN with PSK authentication and separate data and control planes by using the vpn RHEL system role
23.3.13.3. Creating an IPsec mesh VPN among multiple hosts with certificate-based authentication by using the vpn RHEL system role
23.3.14. Configuring IPsec connections that opt out of the system-wide crypto policies
23.3.15. Troubleshooting IPsec VPN configurations
23.3.16. Configuring a VPN connection with control-center
23.3.17. Configuring a VPN connection using nm-connection-editor
23.3.18. Assigning a VPN connection to a dedicated routing table to prevent the connection from bypassing the tunnel
23.3.19. Additional resources
23.4. Using MACsec to encrypt layer-2 traffic in the same physical network
23.4.1. How MACsec increases security
23.4.2. Configuring a MACsec connection by using nmcli
23.5. Using and configuring firewalld
23.5.1. When to use firewalld, nftables, or iptables
23.5.2. Firewall zones
23.5.3. Firewall policies
23.5.4. Firewall rules
23.5.5. Firewall direct rules
23.5.6. Predefined firewalld services
23.5.7. Working with firewalld zones
23.5.7.1. Customizing firewall settings for a specific zone to enhance security
23.5.7.2. Changing the default zone
23.5.7.3. Assigning a network interface to a zone
23.5.7.4. Adding a source
23.5.7.5. Removing a source
23.5.7.6. Assigning a zone to a connection using nmcli
23.5.7.7. Manually assigning a zone to a network connection in an ifcfg file
23.5.7.8. Creating a new zone
23.5.7.9. Enabling zones by using the web console
23.5.7.10. Disabling zones by using the web console
23.5.7.11. Using zone targets to set default behavior for incoming traffic
23.5.7.12. Configuring dynamic updates for allowlisting with IP sets
23.5.8. Controlling network traffic using firewalld
23.5.8.1. Controlling traffic with predefined services using the CLI
23.5.8.2. Enabling services on the firewall by using the web console
23.5.8.3. Configuring custom ports by using the web console
23.5.9. Filtering forwarded traffic between zones
23.5.9.1. The relationship between policy objects and zones
23.5.9.2. Using priorities to sort policies
23.5.9.3. Using policy objects to filter traffic between locally hosted containers and a network physically connected to the host
23.5.9.4. Setting the default target of policy objects
23.5.10. Configuring NAT using firewalld
23.5.10.1. Network address translation types
23.5.10.2. Configuring IP address masquerading
23.5.10.3. Using DNAT to forward incoming HTTP traffic
23.5.10.4. Redirecting traffic from a non-standard port to make the web service accessible on a standard port
23.5.11. Prioritizing rich rules
23.5.11.1. How the priority parameter organizes rules into different chains
23.5.11.2. Setting the priority of a rich rule
23.5.12. Enabling traffic forwarding between different interfaces or sources within a firewalld zone
23.5.12.1. The difference between intra-zone forwarding and zones with the default target set to ACCEPT
23.5.12.2. Using intra-zone forwarding to forward traffic between an Ethernet and Wi-Fi network
23.5.13. Configuring firewalld by using RHEL system roles
23.5.13.1. Resetting the firewalld settings by using the firewall RHEL system role
23.5.13.2. Forwarding incoming traffic in firewalld from one local port to a different local port by using the firewall RHEL system role
23.5.13.3. Configuring a firewalld DMZ zone by using the firewall RHEL system role
23.6. Getting started with nftables
23.6.1. Creating and managing nftables tables, chains, and rules
23.6.1.1. Basics of nftables tables
23.6.1.2. Basics of nftables chains
23.6.1.3. Basics of nftables rules
23.6.1.4. Managing tables, chains, and rules using nft commands
23.6.2. Migrating from iptables to nftables
23.6.2.1. When to use firewalld, nftables, or iptables
23.6.2.2. Concepts in the nftables framework
23.6.2.3. Concepts in the deprecated iptables framework
23.6.2.4. Converting iptables and ip6tables rule sets to nftables
23.6.2.5. Converting single iptables and ip6tables rules to nftables
23.6.2.6. Comparison of common iptables and nftables commands
23.6.3. Configuring NAT using nftables
23.6.3.1. NAT types
23.6.3.2. Configuring masquerading using nftables
23.6.3.3. Configuring source NAT using nftables
23.6.3.4. Configuring destination NAT using nftables
23.6.3.5. Configuring a redirect using nftables
23.6.4. Writing and executing nftables scripts
23.6.4.1. Supported nftables script formats
23.6.4.2. Running nftables scripts
23.6.4.3. Using comments in nftables scripts
23.6.4.4. Using variables in nftables script
23.6.4.5. Including files in nftables scripts
23.6.4.6. Automatically loading nftables rules when the system boots
23.6.5. Using sets in nftables commands
23.6.5.1. Using anonymous sets in nftables
23.6.5.2. Using named sets in nftables
23.6.5.3. Using dynamic sets to add entries from the packet path
23.6.5.4. Additional resources
23.6.6. Using verdict maps in nftables commands
23.6.6.1. Using anonymous maps in nftables
23.6.6.2. Using named maps in nftables
23.6.6.3. Additional resources
23.6.7. Example: Protecting a LAN and DMZ using an nftables script
23.6.7.1. Network conditions
23.6.7.2. Security requirements to the firewall script
23.6.7.3. Configuring logging of dropped packets to a file
23.6.7.4. Writing and activating the nftables script
23.6.8. Using nftables to limit the amount of connections
23.6.8.1. Limiting the number of connections by using nftables
23.6.8.2. Blocking IP addresses that attempt more than ten new incoming TCP connections within one minute
23.6.9. Debugging nftables rules
23.6.9.1. Creating a rule with a counter
23.6.9.2. Adding a counter to an existing rule
23.6.9.3. Monitoring packets that match an existing rule
23.6.10. Backing up and restoring the nftables rule set
23.6.10.1. Backing up the nftables rule set to a file
23.6.10.2. Restoring the nftables rule set from a file
23.6.11. Additional resources
IV. Design of hard disk
24. Overview of available file systems
24.1. Types of file systems
24.2. Local file systems
24.3. The XFS file system
24.4. The ext4 file system
24.5. Comparison of XFS and ext4
24.6. Choosing a local file system
24.7. Network file systems
24.8. Shared storage file systems
24.9. Choosing between network and shared storage file systems
24.10. Volume-managing file systems
25. Mounting an SMB Share
25.1. Supported SMB protocol versions
25.2. UNIX extensions support
25.3. Manually mounting an SMB share
25.4. Mounting an SMB share automatically when the system boots
25.5. Creating a credentials file to authenticate to an SMB share
25.6. Performing a multi-user SMB mount
25.6.1. Mounting a share with the multiuser option
25.6.2. Verifying if an SMB share is mounted with the multiuser option
25.6.3. Accessing a share as a user
25.7. Frequently used SMB mount options
26. Overview of persistent naming attributes
26.1. Disadvantages of non-persistent naming attributes
26.2. File system and device identifiers
26.3. Device names managed by the udev mechanism in /dev/disk/
26.3.1. File system identifiers
26.3.2. Device identifiers
26.4. The World Wide Identifier with DM Multipath
26.5. Limitations of the udev device naming convention
26.6. Listing persistent naming attributes
26.7. Modifying persistent naming attributes
27. Getting started with partitions
27.1. Creating a partition table on a disk with parted
27.2. Viewing the partition table with parted
27.3. Creating a partition with parted
27.4. Setting a partition type with fdisk
27.5. Resizing a partition with parted
27.6. Removing a partition with parted
28. Getting started with XFS
28.1. The XFS file system
28.2. Comparison of tools used with ext4 and XFS
29. Mounting file systems
29.1. The Linux mount mechanism
29.2. Listing currently mounted file systems
29.3. Mounting a file system with mount
29.4. Moving a mount point
29.5. Unmounting a file system with umount
29.6. Mounting and unmounting file systems in the web console
29.7. Common mount options
30. Sharing a mount on multiple mount points
30.1. Types of shared mounts
30.2. Creating a private mount point duplicate
30.3. Creating a shared mount point duplicate
30.4. Creating a slave mount point duplicate
30.5. Preventing a mount point from being duplicated
31. Persistently mounting file systems
31.1. The /etc/fstab file
31.2. Adding a file system to /etc/fstab
32. Mounting file systems on demand
32.1. The autofs service
32.2. The autofs configuration files
32.3. Configuring autofs mount points
32.4. Automounting NFS server user home directories with autofs service
32.5. Overriding or augmenting autofs site configuration files
32.6. Using LDAP to store automounter maps
32.7. Using systemd.automount to mount a file system on demand with /etc/fstab
32.8. Using systemd.automount to mount a file system on-demand with a mount unit
33. Using SSSD component from IdM to cache the autofs maps
33.1. Configuring autofs manually to use IdM server as an LDAP server
33.2. Configuring SSSD to cache autofs maps
34. Setting read-only permissions for the root file system
34.1. Files and directories that always retain write permissions
34.2. Configuring the root file system to mount with read-only permissions on boot
35. Managing storage devices
35.1. Setting up Stratis file systems
35.1.1. Components of a Stratis file system
35.1.2. Block devices compatible with Stratis
35.1.3. Installing Stratis
35.1.4. Creating an unencrypted Stratis pool
35.1.5. Creating an unencrypted Stratis pool by using the web console
35.1.6. Creating an encrypted Stratis pool using a key in the kernel keyring
35.1.7. Creating an encrypted Stratis pool by using the web console
35.1.8. Renaming a Stratis pool by using the web console
35.1.9. Setting overprovisioning mode in Stratis file system
35.1.10. Binding a Stratis pool to NBDE
35.1.11. Binding a Stratis pool to TPM
35.1.12. Unlocking an encrypted Stratis pool with kernel keyring
35.1.13. Unbinding a Stratis pool from supplementary encryption
35.1.14. Starting and stopping Stratis pool
35.1.15. Creating a Stratis file system
35.1.16. Creating a file system on a Stratis pool by using the web console
35.1.17. Mounting a Stratis file system
35.1.18. Setting up non-root Stratis file systems in /etc/fstab using a systemd service
35.2. Extending a Stratis pool with additional block devices
35.2.1. Adding block devices to a Stratis pool
35.2.2. Adding a block device to a Stratis pool by using the web console
35.3. Monitoring Stratis file systems
35.3.1. Displaying information about Stratis file systems
35.3.2. Viewing a Stratis pool by using the web console
35.4. Using snapshots on Stratis file systems
35.4.1. Characteristics of Stratis snapshots
35.4.2. Creating a Stratis snapshot
35.4.3. Accessing the content of a Stratis snapshot
35.4.4. Reverting a Stratis file system to a previous snapshot
35.4.5. Removing a Stratis snapshot
35.5. Removing Stratis file systems
35.5.1. Removing a Stratis file system
35.5.2. Deleting a file system from a Stratis pool by using the web console
35.5.3. Removing a Stratis pool
35.5.4. Deleting a Stratis pool by using the web console
35.6. Getting started with swap
35.6.1. Overview of swap space
35.6.2. Recommended system swap space
35.6.3. Creating an LVM2 logical volume for swap
35.6.4. Creating a swap file
35.6.5. Creating a swap volume by using the storage RHEL system role
35.6.6. Extending swap on an LVM2 logical volume
35.6.7. Reducing swap on an LVM2 logical volume
35.6.8. Removing an LVM2 logical volume for swap
35.6.9. Removing a swap file
35.7. Managing local storage by using RHEL system roles
35.7.1. Creating an XFS file system on a block device by using the storage RHEL system role
35.7.2. Persistently mounting a file system by using the storage RHEL system role
35.7.3. Creating or resizing a logical volume by using the storage RHEL system role
35.7.4. Enabling online block discard by using the storage RHEL system role
35.7.5. Creating and mounting a file system by using the storage RHEL system role
35.7.6. Configuring a RAID volume by using the storage RHEL system role
35.7.7. Configuring an LVM pool with RAID by using the storage RHEL system role
35.7.8. Configuring a stripe size for RAID LVM volumes by using the storage RHEL system role
35.7.9. Configuring an LVM-VDO volume by using the storage RHEL system role
35.7.10. Creating a LUKS2 encrypted volume by using the storage RHEL system role
35.7.11. Creating shared LVM devices using the storage RHEL system role
36. Deduplicating and compressing storage
36.1. Deploying VDO
36.1.1. Introduction to VDO
36.1.2. VDO deployment scenarios
36.1.3. Components of a VDO volume
36.1.4. The physical and logical size of a VDO volume
36.1.5. Slab size in VDO
36.1.6. VDO requirements
36.1.6.1. VDO memory requirements
36.1.6.2. VDO storage space requirements
36.1.6.3. Placement of VDO in the storage stack
36.1.6.4. Examples of VDO requirements by physical size
36.1.7. Installing VDO
36.1.8. Creating a VDO volume
36.1.9. Mounting a VDO volume
36.1.10. Enabling periodic block discard
36.1.11. Monitoring VDO
36.2. Maintaining VDO
36.2.1. Managing free space on VDO volumes
36.2.1.1. The physical and logical size of a VDO volume
36.2.1.2. Thin provisioning in VDO
36.2.1.3. Monitoring VDO
36.2.1.4. Reclaiming space for VDO on file systems
36.2.1.5. Reclaiming space for VDO without a file system
36.2.1.6. Reclaiming space for VDO on Fibre Channel or Ethernet network
36.2.2. Starting or stopping VDO volumes
36.2.2.1. Started and activated VDO volumes
36.2.2.2. Starting a VDO volume
36.2.2.3. Stopping a VDO volume
36.2.2.4. Additional resources
36.2.3. Automatically starting VDO volumes at system boot
36.2.3.1. Started and activated VDO volumes
36.2.3.2. Activating a VDO volume
36.2.3.3. Deactivating a VDO volume
36.2.4. Selecting a VDO write mode
36.2.4.1. VDO write modes
36.2.4.2. The internal processing of VDO write modes
36.2.4.3. Checking the write mode on a VDO volume
36.2.4.4. Checking for a volatile cache
36.2.4.5. Setting a VDO write mode
36.2.5. Recovering a VDO volume after an unclean shutdown
36.2.5.1. VDO write modes
36.2.5.2. VDO volume recovery
36.2.5.3. VDO operating modes
36.2.5.4. Recovering a VDO volume online
36.2.5.5. Forcing an offline rebuild of a VDO volume metadata
36.2.5.6. Removing an unsuccessfully created VDO volume
36.2.6. Optimizing the UDS index
36.2.6.1. Components of a VDO volume
36.2.6.2. The UDS index
36.2.6.3. Recommended UDS index configuration
36.2.7. Enabling or disabling deduplication in VDO
36.2.7.1. Deduplication in VDO
36.2.7.2. Enabling deduplication on a VDO volume
36.2.7.3. Disabling deduplication on a VDO volume
36.2.8. Enabling or disabling compression in VDO
36.2.8.1. Compression in VDO
36.2.8.2. Enabling compression on a VDO volume
36.2.8.3. Disabling compression on a VDO volume
36.2.9. Increasing the size of a VDO volume
36.2.9.1. The physical and logical size of a VDO volume
36.2.9.2. Thin provisioning in VDO
36.2.9.3. Increasing the logical size of a VDO volume
36.2.9.4. Increasing the physical size of a VDO volume
36.2.10. Removing VDO volumes
36.2.10.1. Removing a working VDO volume
36.2.10.2. Removing an unsuccessfully created VDO volume
36.2.11. Additional resources
36.3. Discarding unused blocks
36.3.1. Types of block discard operations
36.3.2. Performing batch block discard
36.3.3. Enabling online block discard
36.3.4. Enabling online block discard by using the storage RHEL system role
36.3.5. Enabling periodic block discard
V. Design of log file
37. Auditing the system
37.1. Linux Audit
37.2. Audit system architecture
37.3. Configuring auditd for a secure environment
37.4. Starting and controlling auditd
37.5. Understanding Audit log files
37.6. Using auditctl for defining and executing Audit rules
37.7. Defining persistent Audit rules
37.8. Pre-configured Audit rules files for compliance with standards
37.9. Using augenrules to define persistent rules
37.10. Disabling augenrules
37.11. Setting up Audit to monitor software updates
37.12. Monitoring user login times with Audit
37.13. Additional resources
VI. Design of kernel
38. The Linux kernel
38.1. What the kernel is
38.2. RPM packages
38.3. The Linux kernel RPM package overview
38.4. Displaying contents of a kernel package
38.5. Installing specific kernel versions
38.6. Updating the kernel
38.7. Setting a kernel as default
39. Configuring kernel command-line parameters
39.1. What are kernel command-line parameters
39.2. Understanding boot entries
39.3. Changing kernel command-line parameters for all boot entries
39.4. Changing kernel command-line parameters for a single boot entry
39.5. Changing kernel command-line parameters temporarily at boot time
39.6. Configuring GRUB settings to enable serial console connection
40. Configuring kernel parameters at runtime
40.1. What are kernel parameters
40.2. Configuring kernel parameters temporarily with sysctl
40.3. Configuring kernel parameters permanently with sysctl
40.4. Using configuration files in /etc/sysctl.d/ to adjust kernel parameters
40.5. Configuring kernel parameters temporarily through /proc/sys/
41. Installing and configuring kdump
41.1. Installing kdump
41.1.1. What is kdump
41.1.2. Installing kdump using Anaconda
41.1.3. Installing kdump on the command line
41.2. Configuring kdump on the command line
41.2.1. Estimating the kdump size
41.2.2. Configuring kdump memory usage
41.2.3. Configuring the kdump target
41.2.4. Configuring the kdump core collector
41.2.5. Configuring the kdump default failure responses
41.2.6. Configuration file for kdump
41.2.7. Testing the kdump configuration
41.2.8. Files produced by kdump after system crash
41.2.9. Enabling and disabling the kdump service
41.2.10. Preventing kernel drivers from loading for kdump
41.2.11. Running kdump on systems with encrypted disk
41.3. Enabling kdump
41.3.1. Enabling kdump for all installed kernels
41.3.2. Enabling kdump for a specific installed kernel
41.3.3. Disabling the kdump service
41.4. Configuring kdump in the web console
41.4.1. Configuring kdump memory usage and target location in web console
41.5. Supported kdump configurations and targets
41.5.1. Memory requirements for kdump
41.5.2. Minimum threshold for automatic memory reservation
41.5.3. Supported kdump targets
41.5.4. Supported kdump filtering levels
41.5.5. Supported default failure responses
41.5.6. Using final_action parameter
41.5.7. Using failure_action parameter
41.6. Testing the kdump configuration
41.7. Using kexec to boot into a different kernel
41.8. Preventing kernel drivers from loading for kdump
41.9. Running kdump on systems with encrypted disk
41.10. Firmware assisted dump mechanisms
41.10.1. Firmware assisted dump on IBM PowerPC hardware
41.10.2. Enabling firmware assisted dump mechanism
41.10.3. Firmware assisted dump mechanisms on IBM Z hardware
41.10.4. Using sadump on Fujitsu PRIMEQUEST systems
41.11. Analyzing a core dump
41.11.1. Installing the crash utility
41.11.2. Running and exiting the crash utility
41.11.3. Displaying various indicators in the crash utility
41.11.4. Using Kernel Oops Analyzer
41.11.5. The Kdump Helper tool
41.12. Using early kdump to capture boot time crashes
41.12.1. Enabling early kdump
41.13. Related information
42. Applying patches with kernel live patching
42.1. Limitations of kpatch
42.2. Support for third-party live patching
42.3. Access to kernel live patches
42.4. The process of live patching kernels
42.5. Subscribing the currently installed kernels to the live patching stream
42.6. Automatically subscribing any future kernel to the live patching stream
42.7. Disabling automatic subscription to the live patching stream
42.8. Updating kernel patch modules
42.9. Removing the live patching package
42.10. Uninstalling the kernel patch module
42.11. Disabling kpatch.service
43. Setting system resource limits for applications by using control groups
43.1. Introducing control groups
43.2. Introducing kernel resource controllers
43.3. Introducing namespaces
43.4. Setting CPU limits to applications using cgroups-v1
44. Analyzing system performance with BPF Compiler Collection
44.1. Installing the bcc-tools package
44.2. Using selected bcc-tools for performance analyses
VII. Design of high availability system
45. High Availability Add-On overview
45.1. High Availability Add-On components
45.2. High Availability Add-On concepts
45.2.1. Fencing
45.2.2. Quorum
45.2.3. Cluster resources
45.3. Pacemaker overview
45.3.1. Pacemaker architecture components
45.3.2. Pacemaker configuration and management tools
45.3.3. The cluster and Pacemaker configuration files
45.4. LVM logical volumes in a Red Hat high availability cluster
45.4.1. Choosing HA-LVM or shared volumes
45.4.2. Configuring LVM volumes in a cluster
46. Getting started with Pacemaker
46.1. Learning to use Pacemaker
46.2. Learning to configure failover
47. The pcs command-line interface
47.1. pcs help display
47.2. Viewing the raw cluster configuration
47.3. Saving a configuration change to a working file
47.4. Displaying cluster status
47.5. Displaying the full cluster configuration
47.6. Modifying the corosync.conf file with the pcs command
47.7. Displaying the corosync.conf file with the pcs command
48. Creating a Red Hat High-Availability cluster with Pacemaker
48.1. Installing cluster software
48.2. Installing the pcp-zeroconf package (recommended)
48.3. Creating a high availability cluster
48.4. Creating a high availability cluster with multiple links
48.5. Configuring fencing
48.6. Backing up and restoring a cluster configuration
48.7. Enabling ports for the High Availability Add-On
49. Configuring an active/passive Apache HTTP server in a Red Hat High Availability cluster
49.1. Configuring an LVM volume with an XFS file system in a Pacemaker cluster
49.2. Ensuring a volume group is not activated on multiple cluster nodes (RHEL 8.4 and earlier)
49.3. Configuring an Apache HTTP Server
49.4. Creating the resources and resource groups
49.5. Testing the resource configuration
50. Configuring an active/passive NFS server in a Red Hat High Availability cluster
50.1. Configuring an LVM volume with an XFS file system in a Pacemaker cluster
50.2. Ensuring a volume group is not activated on multiple cluster nodes (RHEL 8.4 and earlier)
50.3. Configuring an NFS share
50.4. Configuring the resources and resource group for an NFS server in a cluster
50.5. Testing the NFS resource configuration
50.5.1. Testing the NFS export
50.5.2. Testing for failover
51. GFS2 file systems in a cluster
51.1. Configuring a GFS2 file system in a cluster
51.2. Configuring an encrypted GFS2 file system in a cluster
51.2.1. Configure a shared logical volume in a Pacemaker cluster
51.2.2. Encrypt the logical volume and create a crypt resource
51.2.3. Format the encrypted logical volume with a GFS2 file system and create a file system resource for the cluster
51.3. Migrating a GFS2 file system from RHEL7 to RHEL8
52. Configuring fencing in a Red Hat High Availability cluster
52.1. Displaying available fence agents and their options
52.2. Creating a fence device
52.3. General properties of fencing devices
52.4. Fencing delays
52.5. Testing a fence device
52.6. Configuring fencing levels
52.7. Configuring fencing for redundant power supplies
52.8. Displaying configured fence devices
52.9. Exporting fence devices as pcs commands
52.10. Modifying and deleting fence devices
52.11. Manually fencing a cluster node
52.12. Disabling a fence device
52.13. Preventing a node from using a fencing device
52.14. Configuring ACPI for use with integrated fence devices
52.14.1. Disabling ACPI Soft-Off with the BIOS
52.14.2. Disabling ACPI Soft-Off in the logind.conf file
52.14.3. Disabling ACPI completely in the GRUB file
53. Configuring cluster resources
53.1. Resource agent identifiers
53.2. Displaying resource-specific parameters
53.3. Configuring resource meta options
53.3.1. Changing the default value of a resource option
53.3.2. Changing the default value of a resource option for sets of resources
53.3.3. Displaying currently configured resource defaults
53.3.4. Setting meta options on resource creation
53.4. Configuring resource groups
53.4.1. Creating a resource group
53.4.2. Removing a resource group
53.4.3. Displaying resource groups
53.4.4. Group options
53.4.5. Group stickiness
53.5. Determining resource behavior
54. Determining which nodes a resource can run on
54.1. Configuring location constraints
54.2. Limiting resource discovery to a subset of nodes
54.3. Configuring a location constraint strategy
54.3.1. Configuring an "Opt-In" cluster
54.3.2. Configuring an "Opt-Out" cluster
54.4. Configuring a resource to prefer its current node
55. Determining the order in which cluster resources are run
55.1. Configuring mandatory ordering
55.2. Configuring advisory ordering
55.3. Configuring ordered resource sets
55.4. Configuring startup order for resource dependencies not managed by Pacemaker
56. Colocating cluster resources
56.1. Specifying mandatory placement of resources
56.2. Specifying advisory placement of resources
56.3. Colocating sets of resources
57. Displaying resource constraints and resource dependencies
58. Determining resource location with rules
58.1. Pacemaker rules
58.1.1. Node attribute expressions
58.1.2. Time/date based expressions
58.1.3. Date specifications
58.2. Configuring a Pacemaker location constraint using rules
59. Managing cluster resources
59.1. Displaying configured resources
59.2. Exporting cluster resources as pcs commands
59.3. Modifying resource parameters
59.4. Clearing failure status of cluster resources
59.5. Moving resources in a cluster
59.5.1. Moving resources due to failure
59.5.2. Moving resources due to connectivity changes
59.6. Disabling a monitor operation
59.7. Configuring and managing cluster resource tags
59.7.1. Tagging cluster resources for administration by category
59.7.2. Deleting a tagged cluster resource
60. Creating cluster resources that are active on multiple nodes (cloned resources)
60.1. Creating and removing a cloned resource
60.2. Configuring clone resource constraints
60.3. Promotable clone resources
60.3.1. Creating a promotable clone resource
60.3.2. Configuring promotable resource constraints
60.4. Demoting a promoted resource on failure
61. Managing cluster nodes
61.1. Stopping cluster services
61.2. Enabling and disabling cluster services
61.3. Adding cluster nodes
61.4. Removing cluster nodes
61.5. Adding a node to a cluster with multiple links
61.6. Adding and modifying links in an existing cluster
61.6.1. Adding and removing links in an existing cluster
61.6.2. Modifying a link in a cluster with multiple links
61.6.3. Modifying the link addresses in a cluster with a single link
61.6.4. Modifying the link options for a link in a cluster with a single link
61.6.5. Modifying a link when adding a new link is not possible
61.7. Configuring a node health strategy
61.8. Configuring a large cluster with many resources
62. Pacemaker cluster properties
62.1. Summary of cluster properties and options
62.2. Setting and removing cluster properties
62.3. Querying cluster property settings
62.4. Exporting cluster properties as pcs commands
63. Configuring a virtual domain as a resource
63.1. Virtual domain resource options
63.2. Creating the virtual domain resource
64. Configuring cluster quorum
64.1. Configuring quorum options
64.2. Modifying quorum options
64.3. Displaying quorum configuration and status
64.4. Running inquorate clusters
65. Integrating non-corosync nodes into a cluster: the pacemaker_remote service
65.1. Host and guest authentication of pacemaker_remote nodes
65.2. Configuring KVM guest nodes
65.2.1. Guest node resource options
65.2.2. Integrating a virtual machine as a guest node
65.3. Configuring Pacemaker remote nodes
65.3.1. Remote node resource options
65.3.2. Remote node configuration overview
65.4. Changing the default port location
65.5. Upgrading systems with pacemaker_remote nodes
66. Performing cluster maintenance
66.1. Putting a node into standby mode
66.2. Manually moving cluster resources
66.2.1. Moving a resource from its current node
66.2.2. Moving a resource to its preferred node
66.3. Disabling, enabling, and banning cluster resources
66.4. Setting a resource to unmanaged mode
66.5. Putting a cluster in maintenance mode
66.6. Updating a RHEL high availability cluster
66.7. Upgrading remote nodes and guest nodes
66.8. Migrating VMs in a RHEL cluster
66.9. Identifying clusters by UUID
67. Configuring and managing logical volumes
67.1. Overview of logical volume management
67.1.1. LVM architecture
67.1.2. Advantages of LVM
67.2. Managing LVM physical volumes
67.2.1. Creating an LVM physical volume
67.2.2. Removing LVM physical volumes
67.2.3. Creating logical volumes in the web console
67.2.4. Formatting logical volumes in the web console
67.2.5. Resizing logical volumes in the web console
67.2.6. Additional resources
67.3. Managing LVM volume groups
67.3.1. Creating an LVM volume group
67.3.2. Creating volume groups in the web console
67.3.3. Renaming an LVM volume group
67.3.4. Extending an LVM volume group
67.3.5. Combining LVM volume groups
67.3.6. Removing physical volumes from a volume group
67.3.7. Splitting a LVM volume group
67.3.8. Moving a volume group to another system
67.3.9. Removing LVM volume groups
67.3.10. Removing LVM volume groups in a cluster environment
67.4. Managing LVM logical volumes
67.4.1. Overview of logical volume features
67.4.2. Managing logical volume snapshots
67.4.2.1. Understanding logical volume snapshots
67.4.2.2. Managing thick logical volume snapshots
67.4.2.2.1. Creating thick logical volume snapshots
67.4.2.2.2. Manually extending logical volume snapshots
67.4.2.2.3. Automatically extending thick logical volume snapshots
67.4.2.2.4. Merging thick logical volume snapshots
67.4.2.3. Managing thin logical volume snapshots
67.4.2.3.1. Creating thin logical volume snapshots
67.4.2.3.2. Merging thin logical volume snapshots
67.4.3. Creating a RAID0 striped logical volume
67.4.4. Removing a disk from a logical volume
67.4.5. Changing physical drives in volume groups using the web console
67.4.5.1. Adding physical drives to volume groups in the web console
67.4.5.2. Removing physical drives from volume groups in the web console
67.4.6. Removing logical volumes
67.4.7. Managing LVM logical volumes by using RHEL system roles
67.4.7.1. Creating or resizing a logical volume by using the storage RHEL system role
67.4.7.2. Additional resources
67.4.8. Resizing an existing file system on LVM by using the storage RHEL system role
67.5. Modifying the size of a logical volume
67.5.1. Extending a striped logical volume
67.6. Customizing the LVM report
67.6.1. Controlling the format of the LVM display
67.6.2. Specifying the units for an LVM display
67.6.3. Customizing the LVM configuration file
67.6.4. Defining LVM selection criteria
67.7. Configuring RAID logical volumes
67.7.1. RAID levels and linear support
67.7.2. LVM RAID segment types
67.7.3. Parameters for creating a RAID0
67.7.4. Creating RAID logical volumes
67.7.5. Configuring an LVM pool with RAID by using the storage RHEL system role
67.7.6. Creating a RAID0 striped logical volume
67.7.7. Configuring a stripe size for RAID LVM volumes by using the storage RHEL system role
67.7.8. Soft data corruption
67.7.9. Creating a RAID logical volume with DM integrity
67.7.10. Converting a RAID logical volume to another RAID level
67.7.11. Converting a linear device to a RAID logical volume
67.7.12. Converting an LVM RAID1 logical volume to an LVM linear logical volume
67.7.13. Converting a mirrored LVM device to a RAID1 logical volume
67.7.14. Changing the number of images in an existing RAID1 device
67.7.15. Splitting off a RAID image as a separate logical volume
67.7.16. Splitting and merging a RAID Image
67.7.17. Setting the RAID fault policy to allocate
67.7.18. Setting the RAID fault policy to warn
67.7.19. Replacing a working RAID device
67.7.20. Replacing a failed RAID device in a logical volume
67.7.21. Checking data coherency in a RAID logical volume
67.7.22. I/O Operations on a RAID1 logical volume
67.7.23. Reshaping a RAID volume
67.7.24. Changing the region size on a RAID logical volume
67.8. Snapshot of logical volumes
67.8.1. Overview of snapshot volumes
67.8.2. Creating a Copy-On-Write snapshot
67.8.3. Merging snapshot to its original volume
67.8.4. Creating LVM snapshots using the snapshot RHEL System Role
67.8.5. Unmounting LVM snapshots using the snapshot RHEL System Role
67.8.6. Extending LVM snapshots using the snapshot RHEL System Role
67.8.7. Reverting LVM snapshots using the snapshot RHEL System Role
67.8.8. Removing LVM snapshots using the snapshot RHEL System Role
67.9. Creating and managing thin-provisioned volumes (thin volumes)
67.9.1. Overview of thin provisioning
67.9.2. Creating thinly-provisioned logical volumes
67.9.3. Creating pools for thinly provisioned volumes in the web console
67.9.4. Creating thinly provisioned logical volumes in the web console
67.9.5. Overview of chunk size
67.9.6. Thinly-provisioned snapshot volumes
67.9.7. Creating thinly-provisioned snapshot volumes
67.9.8. Creating thinly-provisioned snapshot volumes with the web console
67.10. Enabling caching to improve logical volume performance
67.10.1. Caching methods in LVM
67.10.2. LVM caching components
67.10.3. Enabling dm-cache caching for a logical volume
67.10.4. Enabling dm-cache caching with a cachepool for a logical volume
67.10.5. Enabling dm-writecache caching for a logical volume
67.10.6. Disabling caching for a logical volume
67.11. Logical volume activation
67.11.1. Controlling autoactivation of logical volumes and volume groups
67.11.2. Controlling logical volume activation
67.11.3. Activating shared logical volumes
67.11.4. Activating a logical volume with missing devices
67.12. Limiting LVM device visibility and usage
67.12.1. Persistent identifiers for LVM filtering
67.12.2. The LVM device filter
67.12.2.1. LVM device filter pattern characteristics
67.12.2.2. Examples of LVM device filter configurations
67.12.2.3. Applying an LVM device filter configuration
67.13. Controlling LVM allocation
67.13.1. Allocating extents from specified devices
67.13.2. LVM allocation policies
67.13.3. Preventing allocation on a physical volume
67.14. Troubleshooting LVM
67.14.1. Gathering diagnostic data on LVM
67.14.2. Displaying information about failed LVM devices
67.14.3. Removing lost LVM physical volumes from a volume group
67.14.4. Finding the metadata of a missing LVM physical volume
67.14.5. Restoring metadata on an LVM physical volume
67.14.6. Rounding errors in LVM output
67.14.7. Preventing the rounding error when creating an LVM volume
67.14.8. LVM metadata and their location on disk
67.14.9. Extracting VG metadata from a disk
67.14.10. Saving extracted metadata to a file
67.14.11. Repairing a disk with damaged LVM headers and metadata using the pvcreate and the vgcfgrestore commands
67.14.12. Repairing a disk with damaged LVM headers and metadata using the pvck command
67.14.13. Troubleshooting LVM RAID
67.14.13.1. Checking data coherency in a RAID logical volume
67.14.13.2. Replacing a failed RAID device in a logical volume
67.14.14. Troubleshooting duplicate physical volume warnings for multipathed LVM devices
67.14.14.1. Root cause of duplicate PV warnings
67.14.14.2. Cases of duplicate PV warnings
67.14.14.3. Example LVM device filters that prevent duplicate PV warnings
67.14.14.4. Additional resources
Legal Notice
Part IV. Design of hard disk
Previous
Next