Last updated: 2021/12/18 09:47
LCF512 - Kernel and Quota Management
Module Contents
- LCF512 - Kernel and Quota Management
- Module Contents
- Role of the Kernel
- LAB #1 - Modules
- LAB #2 - Compiling and Installing the Kernel and Modules
- 2.1 - Moving /home
- 2.2 - Preparing the Environment
- 2.3 - Preparing the Kernel Source Tree
- The .config File
- The Makefile
- 2.4 - Configuring the Kernel
- 2.5 - Compiling the Kernel
- 2.6 - Installing the New Kernel
- LAB #3 - Quota Management
- 3.1 - The quotacheck Command
- 3.2 - The edquota Command
- 3.3 - The quotaon Command
- 3.4 - The repquota Command
- 3.5 - The quota Command
- 3.6 - The warnquota Command
Role of the Kernel
The kernel is the part of the operating system that manages input/output with devices. In some cases it is preferable to recompile the Linux kernel. Reasons for recompiling include:
- reducing the size of the kernel,
- supporting new hardware,
- adding features,
- optimising the code,
- fixing bugs,
- the need for an experimental feature.
Start by updating CentOS 8:
[root@centos8 ~]# dnf update
...
[root@centos8 ~]# reboot
Then identify the kernel used by your virtual machine:
[root@centos8 ~]# uname -r
4.18.0-305.7.1.el8_4.x86_64
LAB #1 - Modules
For everyday use of Linux, however, it is preferable to rely on modules. Modules are located in the directory /lib/modules/<kernel-version>:
[root@centos8 ~]# ls /lib/modules/`uname -r`/
bls.conf           modules.builtin      modules.networking   System.map
build              modules.builtin.bin  modules.order        updates
config             modules.dep          modules.softdep      vdso
kernel             modules.dep.bin      modules.symbols      vmlinuz
modules.alias      modules.devname      modules.symbols.bin  weak-updates
modules.alias.bin  modules.drm          source
modules.block      modules.modesetting  symvers.gz
The commands used to manipulate modules are:
- insmod
- rmmod
- lsmod
- modprobe
For example:
[root@centos8 ~]# lsmod
Module                  Size  Used by
xt_CHECKSUM            16384  1
ipt_MASQUERADE         16384  3
xt_conntrack           16384  1
ipt_REJECT             16384  2
nft_compat             20480  16
nf_nat_tftp            16384  0
nft_objref             16384  1
nf_conntrack_tftp      16384  3 nf_nat_tftp
nft_counter            16384  33
tun                    53248  1
bridge                192512  0
stp                    16384  1 bridge
llc                    16384  2 bridge,stp
nft_fib_inet           16384  1
nft_fib_ipv4           16384  1 nft_fib_inet
nft_fib_ipv6           16384  1 nft_fib_inet
nft_fib                16384  3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
nft_reject_inet        16384  5
nf_reject_ipv4         16384  2 nft_reject_inet,ipt_REJECT
nf_reject_ipv6         16384  1 nft_reject_inet
nft_reject             16384  1 nft_reject_inet
nft_ct                 20480  19
nf_tables_set          49152  21
nft_chain_nat          16384  12
nf_nat                 45056  3 ipt_MASQUERADE,nf_nat_tftp,nft_chain_nat
nf_conntrack          172032  6 xt_conntrack,nf_nat,nf_conntrack_tftp,nft_ct,ipt_MASQUERADE,nf_nat_tftp
nf_defrag_ipv6         20480  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
ip_set                 49152  0
nf_tables             172032  414 nft_ct,nft_compat,nft_reject_inet,nft_fib_ipv6,nft_objref,nft_fib_ipv4,nft_counter,nft_chain_nat,nf_tables_set,nft_reject,nft_fib,nft_fib_inet
nfnetlink              16384  4 nft_compat,nf_tables,ip_set
sunrpc                540672  1
ext4                  761856  1
mbcache                16384  1 ext4
jbd2                  131072  1 ext4
virtio_balloon         20480  0
pcspkr                 16384  0
i2c_piix4              24576  0
joydev                 24576  0
ip_tables              28672  0
xfs                  1515520  1
libcrc32c              16384  4 nf_conntrack,nf_nat,nf_tables,xfs
sr_mod                 28672  0
sd_mod                 53248  3
cdrom                  65536  1 sr_mod
t10_pi                 16384  1 sd_mod
sg                     40960  0
ata_generic            16384  0
bochs_drm              16384  1
drm_vram_helper        28672  1 bochs_drm
drm_kms_helper        233472  4 drm_vram_helper,bochs_drm
syscopyarea            16384  1 drm_kms_helper
sysfillrect            16384  1 drm_kms_helper
sysimgblt              16384  1 drm_kms_helper
fb_sys_fops            16384  1 drm_kms_helper
drm_ttm_helper         16384  1 drm_vram_helper
ttm                   114688  2 drm_vram_helper,drm_ttm_helper
drm                   569344  7 drm_kms_helper,drm_vram_helper,bochs_drm,drm_ttm_helper,ttm
ahci                   40960  2
libahci                40960  1 ahci
virtio_net             53248  0
net_failover           24576  1 virtio_net
ata_piix               36864  0
serio_raw              16384  0
failover               16384  1 net_failover
libata                270336  4 ata_piix,libahci,ahci,ata_generic
dm_mirror              28672  0
dm_region_hash         20480  1 dm_mirror
dm_log                 20480  2 dm_region_hash,dm_mirror
dm_mod                151552  8 dm_log,dm_mirror
fuse                  151552  3
To add a module, you can use either the insmod or the modprobe command. The latter loads not only the module passed as an argument but also its dependencies:
[root@centos8 ~]# modprobe bonding
[root@centos8 ~]# lsmod | more
Module                  Size  Used by
bonding               196608  0
xt_CHECKSUM            16384  1
ipt_MASQUERADE         16384  3
xt_conntrack           16384  1
ipt_REJECT             16384  2
nft_compat             20480  16
nf_nat_tftp            16384  0
nft_objref             16384  1
nf_conntrack_tftp      16384  3 nf_nat_tftp
nft_counter            16384  33
tun                    53248  1
bridge                192512  0
stp                    16384  1 bridge
llc                    16384  2 bridge,stp
nft_fib_inet           16384  1
nft_fib_ipv4           16384  1 nft_fib_inet
nft_fib_ipv6           16384  1 nft_fib_inet
nft_fib                16384  3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
nft_reject_inet        16384  5
nf_reject_ipv4         16384  2 nft_reject_inet,ipt_REJECT
nf_reject_ipv6         16384  1 nft_reject_inet
--More--
To remove a module, you can use either the rmmod command or modprobe -r. The latter also tries to remove unused dependencies:
[root@centos8 ~]# modprobe -r bonding
[root@centos8 ~]# lsmod | more
Module                  Size  Used by
xt_CHECKSUM            16384  1
ipt_MASQUERADE         16384  3
xt_conntrack           16384  1
ipt_REJECT             16384  2
nft_compat             20480  16
nf_nat_tftp            16384  0
nft_objref             16384  1
nf_conntrack_tftp      16384  3 nf_nat_tftp
nft_counter            16384  33
tun                    53248  1
bridge                192512  0
stp                    16384  1 bridge
llc                    16384  2 bridge,stp
nft_fib_inet           16384  1
nft_fib_ipv4           16384  1 nft_fib_inet
nft_fib_ipv6           16384  1 nft_fib_inet
nft_fib                16384  3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
nft_reject_inet        16384  5
nf_reject_ipv4         16384  2 nft_reject_inet,ipt_REJECT
nf_reject_ipv6         16384  1 nft_reject_inet
nft_reject             16384  1 nft_reject_inet
--More--
Module dependencies are resolved by the modprobe command using the file /lib/modules/<kernel-version>/modules.dep. This file can be created manually with the depmod command:
[root@centos8 ~]# more /lib/modules/`uname -r`/modules.dep
kernel/arch/x86/events/amd/power.ko.xz:
kernel/arch/x86/events/intel/intel-uncore.ko.xz:
kernel/arch/x86/events/intel/intel-cstate.ko.xz:
kernel/arch/x86/events/rapl.ko.xz:
kernel/arch/x86/kernel/cpu/mce/mce-inject.ko.xz:
kernel/arch/x86/crypto/des3_ede-x86_64.ko.xz: kernel/crypto/des_generic.ko.xz
kernel/arch/x86/crypto/camellia-x86_64.ko.xz:
kernel/arch/x86/crypto/blowfish-x86_64.ko.xz: kernel/crypto/blowfish_common.ko.xz
kernel/arch/x86/crypto/twofish-x86_64.ko.xz: kernel/crypto/twofish_common.ko.xz
kernel/arch/x86/crypto/twofish-x86_64-3way.ko.xz: kernel/arch/x86/crypto/twofish-x86_64.ko.xz kernel/crypto/twofish_common.ko.xz
kernel/arch/x86/crypto/chacha20-x86_64.ko.xz: kernel/crypto/chacha20_generic.ko.xz
kernel/arch/x86/crypto/serpent-sse2-x86_64.ko.xz: kernel/crypto/serpent_generic.ko.xz
kernel/arch/x86/crypto/ghash-clmulni-intel.ko.xz:
kernel/arch/x86/crypto/crc32c-intel.ko.xz:
kernel/arch/x86/crypto/crc32-pclmul.ko.xz:
kernel/arch/x86/crypto/sha512-ssse3.ko.xz: kernel/crypto/sha512_generic.ko.xz
kernel/arch/x86/crypto/crct10dif-pclmul.ko.xz:
kernel/arch/x86/crypto/poly1305-x86_64.ko.xz: kernel/crypto/poly1305_generic.ko.xz
kernel/arch/x86/crypto/camellia-aesni-avx-x86_64.ko.xz: kernel/arch/x86/crypto/camellia-x86_64.ko.xz
kernel/arch/x86/crypto/cast5-avx-x86_64.ko.xz: kernel/crypto/cast5_generic.ko.xz
kernel/cry
--More--(0%)
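To make the role of modules.dep concrete, the following added example (not part of the original lab) computes the insertion order for a module from modules.dep-style lines, dependencies first, and fails when an entry is missing, which is the situation depmod repairs. The function names and the twofish_common, crc32c and demo_a sample lines are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: derive a module load order from modules.dep-style input.

# Sample input. The two twofish-x86_64 lines and the crc32c-intel line are
# copied from the listing above; the twofish_common and demo_a lines are
# constructed. demo_a points at a dependency that has no entry of its own.
sample_modules_dep() {
    cat <<'EOF'
kernel/arch/x86/crypto/twofish-x86_64.ko.xz: kernel/crypto/twofish_common.ko.xz
kernel/arch/x86/crypto/twofish-x86_64-3way.ko.xz: kernel/arch/x86/crypto/twofish-x86_64.ko.xz kernel/crypto/twofish_common.ko.xz
kernel/crypto/twofish_common.ko.xz:
kernel/arch/x86/crypto/crc32c-intel.ko.xz:
kernel/drivers/demo/demo_a.ko.xz: kernel/drivers/demo/demo_b.ko.xz
EOF
}

# load_order MODULE [DEPFILE]
# Prints the .ko paths to insert, one per line, dependencies before the
# modules that need them. DEPFILE defaults to the running kernel's
# modules.dep; "-" reads standard input. Returns 1 when MODULE or one of
# its dependencies has no entry in DEPFILE.
load_order() {
    awk -v want="$1" '
    # Module name as typed on the command line: basename without the
    # .ko/.ko.xz suffix, with "-" and "_" treated as the same character.
    function modname(path,    n) {
        n = path
        sub(/.*\//, "", n)
        sub(/\.ko(\..*)?$/, "", n)
        gsub(/-/, "_", n)
        return n
    }
    # Depth-first walk: every dependency is emitted before its dependant,
    # and each path is emitted once however often it is listed.
    function visit(path,    i, n, d) {
        if (path in seen) return
        seen[path] = 1
        if (!(path in deps)) { missing = missing " " path; return }
        n = split(deps[path], d, " ")
        for (i = 1; i <= n; i++) visit(d[i])
        order[++count] = path
    }
    NF > 0 {
        key = $1
        sub(/:$/, "", key)
        rest = $0
        sub(/^[^:]*:[ \t]*/, "", rest)
        deps[key] = rest
        byname[modname(key)] = key
    }
    END {
        gsub(/-/, "_", want)
        if (!(want in byname)) {
            print "no entry for module " want > "/dev/stderr"
            exit 1
        }
        visit(byname[want])
        if (missing != "") {
            print "entries missing, rebuild with depmod:" missing > "/dev/stderr"
            exit 1
        }
        for (i = 1; i <= count; i++) print order[i]
    }' "${2:-/lib/modules/$(uname -r)/modules.dep}"
}

# Demonstration on the embedded sample.
sample_modules_dep | load_order twofish-x86_64-3way -
```

On a real system, `load_order bonding` reads the running kernel's modules.dep and needs no privileges, since it only reads the file.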
Information about a module can be obtained with the modinfo command:
[root@centos8 ~]# modinfo bonding
filename:       /lib/modules/4.18.0-305.7.1.el8_4.x86_64/kernel/drivers/net/bonding/bonding.ko.xz
author:         Thomas Davis, tadavis@lbl.gov and many others
description:    Ethernet Channel Bonding Driver
license:        GPL
alias:          rtnl-link-bond
rhelversion:    8.4
srcversion:     445F4CC9A2F7E64E3A87FD0
depends:
intree:         Y
name:           bonding
vermagic:       4.18.0-305.7.1.el8_4.x86_64 SMP mod_unload modversions
sig_id:         PKCS#7
signer:         CentOS kernel signing key
sig_key:        3B:5A:0A:B8:8E:4A:51:C0:AA:FF:97:FD:CB:94:D6:B6:D2:46:B8:17
sig_hashalgo:   sha256
signature:      ...
parm:           max_bonds:Max number of bonded devices (int)
parm:           tx_queues:Max number of transmit queues (default = 16) (int)
parm:           num_grat_arp:Number of peer notifications to send on failover event (alias of num_unsol_na) (int)
parm:           num_unsol_na:Number of peer notifications to send on failover event (alias of num_grat_arp) (int)
parm:           miimon:Link check interval in milliseconds (int)
parm:           updelay:Delay before considering link up, in milliseconds (int)
parm:           downdelay:Delay before considering link down, in milliseconds (int)
parm:           use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int)
parm:           mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp)
parm:           primary:Primary network device to use (charp)
parm:           primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp)
parm:           lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp)
parm:           ad_select:802.3ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp)
parm:           min_links:Minimum number of available links before turning on carrier (int)
parm:           xmit_hash_policy:balance-alb, balance-tlb, balance-xor, 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3, 3 for encap layer 2+3, 4 for encap layer 3+4, 5 for vlan+srcmac (charp)
parm:           arp_interval:arp interval in milliseconds (int)
parm:           arp_ip_target:arp targets in n.n.n.n form (array of charp)
parm:           arp_validate:validate src/dst of ARP probes; 0 for none (default), 1 for active, 2 for backup, 3 for all (charp)
parm:           arp_all_targets:fail on any/all arp targets timeout; 0 for any (default), 1 for all (charp)
parm:           fail_over_mac:For active-backup, do not set all slaves to the same MAC; 0 for none (default), 1 for active, 2 for follow (charp)
parm:           all_slaves_active:Keep all frames received on an interface by setting active flag for all slaves; 0 for never (default), 1 for always. (int)
parm:           resend_igmp:Number of IGMP membership reports to send on link failure (int)
parm:           packets_per_slave:Packets to send per slave in balance-rr mode; 0 for a random slave, 1 packet per slave (default), >1 packets per slave. (int)
parm:           lp_interval:The number of seconds between instances where the bonding driver sends learning packets to each slaves peer switch. The default is 1. (uint)
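The signer, intree and vermagic fields in this output are the ones worth checking when reviewing what is loaded on a host. The following added example (not part of the original lab) classifies a module from its modinfo output and can walk every module reported by lsmod; the function names and the demo_oot sample are assumptions, and the bonding sample reuses fields from the output above.

```shell
#!/bin/sh
# Added example: flag modules that are unsigned, out of tree, or built for
# another kernel, using only the fields printed by modinfo.

# Fields taken from the modinfo output shown above.
sample_modinfo_bonding() {
    cat <<'EOF'
filename:       /lib/modules/4.18.0-305.7.1.el8_4.x86_64/kernel/drivers/net/bonding/bonding.ko.xz
license:        GPL
depends:
intree:         Y
name:           bonding
vermagic:       4.18.0-305.7.1.el8_4.x86_64 SMP mod_unload modversions
sig_id:         PKCS#7
signer:         CentOS kernel signing key
sig_hashalgo:   sha256
parm:           max_bonds:Max number of bonded devices (int)
EOF
}

# Constructed sample: a hypothetical locally built module, no signature.
sample_modinfo_unsigned() {
    cat <<'EOF'
filename:       /lib/modules/4.18.0-305.7.1.el8_4.x86_64/extra/demo_oot.ko
license:        GPL
depends:
name:           demo_oot
vermagic:       4.18.0-240.el8.x86_64 SMP mod_unload modversions
EOF
}

# module_verdict KERNEL_RELEASE [FALLBACK_NAME]
# Reads the modinfo output of one module on stdin and prints
# "<name> ok" or "<name> <finding>[,<finding>...]". Returns 1 on findings.
# modinfo only displays signature metadata; the kernel is what verifies a
# signature, at load time.
module_verdict() {
    awk -v krel="$1" -v fallback="${2:-?}" '
    function add(f) { findings = (findings == "" ? f : findings "," f) }
    {
        # "field:   value" - split on the first colon only, since values
        # (parm lines, sig_key) contain colons themselves.
        i = index($0, ":")
        if (i == 0) next
        field = substr($0, 1, i - 1)
        value = substr($0, i + 1)
        sub(/^[ \t]+/, "", value)
        sub(/[ \t]+$/, "", value)
        if (!(field in info)) info[field] = value   # parm repeats: keep first
    }
    END {
        name = ("name" in info) ? info["name"] : fallback
        if (!("signer" in info) || info["signer"] == "") add("unsigned")
        if (info["intree"] != "Y") add("out-of-tree")
        split(info["vermagic"], vm, " ")
        if (vm[1] != krel) add("vermagic-mismatch")
        print name, (findings == "" ? "ok" : findings)
        exit (findings != "")
    }'
}

# audit_loaded_modules: run the check over every module listed by lsmod and
# print only the ones with findings. A loaded module whose file modinfo
# cannot read is reported under its lsmod name with all three findings.
audit_loaded_modules() {
    krel=$(uname -r)
    lsmod | awk 'NR > 1 { print $1 }' | while read -r mod; do
        modinfo "$mod" 2>/dev/null | module_verdict "$krel" "$mod"
    done | grep -v ' ok$'
}

# Demonstration on the embedded samples.
sample_modinfo_bonding  | module_verdict 4.18.0-305.7.1.el8_4.x86_64
sample_modinfo_unsigned | module_verdict 4.18.0-305.7.1.el8_4.x86_64
```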
Finally, the files in the /etc/modprobe.d directory are used to specify any options to pass to modules when they are loaded, as well as the aliases used to refer to them:
[root@centos8 ~]# ls /etc/modprobe.d
firewalld-sysctls.conf  lockd.conf  nvdimm-security.conf  tuned.conf
kvm.conf                mlx4.conf   truescale.conf        vhost.conf
[root@centos8 ~]# cat /etc/modprobe.d/kvm.conf
# Setting modprobe kvm_intel/kvm_amd nested = 1
# only enables Nested Virtualization until the next reboot or
# module reload. Uncomment the option applicable
# to your system below to enable the feature permanently.
#
# User changes in this file are preserved across upgrades.
#
# For Intel
#options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1
LAB #2 - Compiling and Installing the Kernel and Modules
Enable the CentOS-Linux-PowerTools repository by setting the enabled directive to 1:
[root@centos8 ~]# vi /etc/yum.repos.d/CentOS-Linux-PowerTools.repo
[root@centos8 ~]# cat /etc/yum.repos.d/CentOS-Linux-PowerTools.repo
# CentOS-Linux-PowerTools.repo
#
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client. You should use this for CentOS updates unless you are
# manually picking other mirrors.
#
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.
[powertools]
name=CentOS Linux $releasever - PowerTools
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/PowerTools/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Now install the required packages:
[root@centos8 ~]# dnf groupinstall "Development Tools"
...
[root@centos8 ~]# dnf install asciidoc audit-libs-devel bash bc binutils binutils-devel bison diffutils elfutils elfutils-devel elfutils-libelf-devel findutils flex gawk gcc gettext gzip hmaccalc hostname make module-init-tools ncurses-devel net-tools newt-devel numactl-devel openssl patch pciutils-devel perl perl-ExtUtils-Embed pesign redhat-rpm-config rpm-build rpmdevtools sh-utils tar xmlto xz zlib-devel
...
2.1 - Moving /home
Important - For security reasons, compiling as root is not recommended. To build a new kernel from a user account, that account must have more than 10 GB of free space.
To do - Log out of your CentOS8_SSH_10.0.2.45 session and reconnect to the VM as root using the CentOS8_ROOT_10.0.2.45 connection.
Then create a single partition on /dev/sdc:
[root@centos8 ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xc321702b.
Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p):
Using default response p.
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-41943039, default 41943039):
Created a new partition 1 of type 'Linux' and of size 20 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
Now create an ext4 file system on /dev/sdc1:
[root@centos8 ~]# mkfs.ext4 /dev/sdc1
mke2fs 1.45.6 (20-Mar-2020)
Discarding device blocks: done
Creating filesystem with 16776960 4k blocks and 4194304 inodes
Filesystem UUID: dc92c0d7-919b-4fff-8719-53e9e7e628dd
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424
Allocating group tables: done
Writing inode tables: done
Creating journal (65536 blocks): done
Writing superblocks and filesystem accounting information: done
Mount /dev/sdc1 on /mnt:
[root@centos8 ~]# mount /dev/sdc1 /mnt
Copy the contents of /home to /mnt:
[root@centos8 ~]# cp -a /home/* /mnt
Unmount /dev/sdc1 and move /home to /root:
[root@centos8 ~]# umount /mnt
[root@centos8 ~]# mv /home /root
Identify the UUID of /dev/sdc1:
[root@centos8 ~]# ls -l /dev/disk/by-uuid/ | grep sdc1
lrwxrwxrwx. 1 root root 10 Jul 19 12:02 f76d6b66-985b-4a91-af9c-4987e8c1443c -> ../../sdc
[root@centos8 ~]#
Edit the /etc/fstab file and add a line for /dev/sdc1:
[root@centos8 ~]# vi /etc/fstab
[root@centos8 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed Jun 16 06:21:32 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cl_centos8-root                / xfs defaults 0 0
UUID=1c04981e-5317-4b73-9695-3ce25246835d  /boot ext4 defaults 1 2
/dev/mapper/cl_centos8-swap                swap swap defaults 0 0
UUID=f76d6b66-985b-4a91-af9c-4987e8c1443c  /home ext4 defaults 1 2
Create the /home mount point:
[root@centos8 ~]# mkdir /home
Mount /dev/sdc1:
[root@centos8 ~]# mount -a
[root@centos8 ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=1882880k,nr_inodes=470720,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime,seclabel)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,hugetlb)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,memory)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpu,cpuacct)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,rdma)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,pids)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpuset)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,perf_event)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,blkio)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,net_cls,net_prio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,devices)
none on /sys/kernel/tracing type tracefs (rw,relatime,seclabel)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/mapper/cl_centos8-root on / type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel,pagesize=2M)
debugfs on /sys/kernel/debug type debugfs (rw,relatime,seclabel)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=40,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=6022)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
/dev/sda1 on /boot type ext4 (rw,relatime,seclabel)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=382500k,mode=700,uid=1000,gid=1000)
tmpfs on /run/user/42 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=382500k,mode=700,uid=42,gid=42)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=382500k,mode=700)
gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
/dev/sdc1 on /home type ext4 (rw,relatime,seclabel)
Note the size of /home:
[root@centos8 ~]# df -h
Filesystem                   Size  Used Avail Use% Mounted on
devtmpfs                     1.8G     0  1.8G   0% /dev
tmpfs                        1.9G     0  1.9G   0% /dev/shm
tmpfs                        1.9G  9.4M  1.9G   1% /run
tmpfs                        1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/mapper/cl_centos8-root   28G  5.2G   23G  19% /
/dev/sda1                    976M  289M  620M  32% /boot
tmpfs                        374M   16K  374M   1% /run/user/1000
tmpfs                        374M  1.2M  373M   1% /run/user/42
/dev/sdc1                     63G   67M   60G   1% /home
To do - Log out of your CentOS8_ROOT_10.0.2.45 session and reconnect to the VM as trainee using the CentOS8_SSH_10.0.2.45 connection.
2.2 - Preparing the Environment
To create the package build environment tree in /home/trainee, use the rpmdev-setuptree command:
[trainee@centos8 ~]$ rpmdev-setuptree
...
[trainee@centos8 ~]$ ls -laR rpmbuild/
rpmbuild/:
total 28
drwxrwxr-x.  7 trainee trainee 4096 Jul 19 12:10 .
drwxr-xr-x. 17 trainee trainee 4096 Jul 19 12:10 ..
drwxrwxr-x.  2 trainee trainee 4096 Jul 19 12:10 BUILD
drwxrwxr-x.  2 trainee trainee 4096 Jul 19 12:10 RPMS
drwxrwxr-x.  2 trainee trainee 4096 Jul 19 12:10 SOURCES
drwxrwxr-x.  2 trainee trainee 4096 Jul 19 12:10 SPECS
drwxrwxr-x.  2 trainee trainee 4096 Jul 19 12:10 SRPMS
rpmbuild/BUILD:
total 8
drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 .
drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 ..
rpmbuild/RPMS:
total 8
drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 .
drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 ..
rpmbuild/SOURCES:
total 8
drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 .
drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 ..
rpmbuild/SPECS:
total 8
drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 .
drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 ..
rpmbuild/SRPMS:
total 8
drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 .
drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 ..
Download the kernel source rpm:
[trainee@centos8 ~]$ uname -a
Linux centos8.ittraining.loc 4.18.0-305.7.1.el8_4.x86_64 #1 SMP Tue Jun 29 21:55:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[trainee@centos8 ~]$ cat /etc/centos-release
CentOS Linux release 8.4.2105
[trainee@centos8 ~]$ wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.7.1.el8_4.src.rpm
--2021-07-14 02:54:14--  https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.7.1.el8_4.src.rpm
Resolving vault.centos.org (vault.centos.org)... 81.171.33.194, 2a05:d014:10:7803:4af1:9320:7050:d28e
Connecting to vault.centos.org (vault.centos.org)|81.171.33.194|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 123000617 (117M) [application/x-rpm]
Saving to: ‘kernel-4.18.0-305.7.1.el8_4.src.rpm’
kernel-4.18.0-305.7.1. 100%[===========================>] 117.30M  1.49MB/s    in 79s
2021-07-14 02:55:33 (1.49 MB/s) - ‘kernel-4.18.0-305.7.1.el8_4.src.rpm’ saved [123000617/123000617]
Now install the build dependencies of the source rpm as root:
[trainee@centos8 ~]$ su -
Mot de passe : fenestros
[root@centos8 ~]# dnf install yum-utils
...
[root@centos8 ~]# yum-builddep /home/trainee/kernel-4.18.0-305.7.1.el8_4.src.rpm
...
Now install the kernel-4.18.0-305.7.1.el8_4.src.rpm package:
[root@centos8 ~]# exit
logout
[trainee@centos8 ~]$ rpm -Uvh kernel-4.18.0-305.7.1.el8_4.src.rpm
Updating / installing...
   1:kernel-4.18.0-305.7.1.el8_4      warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
...
################################# [100%]
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
...
Important - The errors are of no consequence.
2.3 - Preparing the Kernel Source Tree
Change to the ~/rpmbuild/SPECS directory and use the rpmbuild command to prepare the kernel source tree:
[trainee@centos7 ~]$ cd ~/rpmbuild/SPECS
[trainee@centos7 SPECS]$ rpmbuild -bp --target=$(uname -m) kernel.spec
...
When the process has finished, examine the tree:
[trainee@centos8 SPECS]$ ls -la ~/rpmbuild/BUILD/kernel-4.18.0-305.7.1.el8_4/linux-4.18.0-305.7.1.el8.x86_64/
total 812
drwxr-xr-x.  26 trainee trainee   4096 Jul 14 03:13 .
drwxr-xr-x.   3 trainee trainee   4096 Jul 14 03:12 ..
drwxr-xr-x.  27 trainee trainee   4096 Jul 14 03:13 arch
drwxr-xr-x.   3 trainee trainee   4096 Jun 14 10:33 block
drwxr-xr-x.   2 trainee trainee   4096 Jul 14 03:13 certs
-rw-r--r--.   1 trainee trainee  13079 Jun 14 10:33 .clang-format
-rw-r--r--.   1 trainee trainee     59 Jun 14 10:33 .cocciconfig
drwxr-xr-x.   2 trainee trainee   4096 Jul 14 03:13 configs
-rw-r--r--.   1 trainee trainee    423 Jun 14 10:33 COPYING-4.18.0
-rw-r--r--.   1 trainee trainee  98651 Jun 14 10:33 CREDITS
drwxr-xr-x.   4 trainee trainee   4096 Jun 14 10:33 crypto
drwxr-xr-x. 119 trainee trainee   4096 Jul 14 03:13 Documentation
drwxr-xr-x. 137 trainee trainee   4096 Jun 14 10:33 drivers
drwxr-xr-x.   2 trainee trainee   4096 Jul 14 03:13 firmware
drwxr-xr-x.  73 trainee trainee   4096 Jun 14 10:33 fs
-rw-r--r--.   1 trainee trainee     68 Jun 14 10:33 .get_maintainer.conf
-rw-r--r--.   1 trainee trainee     31 Jun 14 10:33 .get_maintainer.ignore
-rw-r--r--.   1 trainee trainee     76 Jun 14 10:33 .gitattributes
-rw-r--r--.   1 trainee trainee   1639 Jun 14 10:33 .gitlab-ci-private.yml
-rw-r--r--.   1 trainee trainee   1668 Jun 14 10:33 .gitlab-ci.yml
drwxr-xr-x.  30 trainee trainee   4096 Jun 14 10:33 include
drwxr-xr-x.   2 trainee trainee   4096 Jun 14 10:33 init
drwxr-xr-x.   2 trainee trainee   4096 Jun 14 10:33 ipc
-rw-r--r--.   1 trainee trainee   2245 Jun 14 10:33 Kbuild
-rw-r--r--.   1 trainee trainee    575 Jun 14 10:33 Kconfig
drwxr-xr-x.  19 trainee trainee   4096 Jul 14 03:13 kernel
drwxr-xr-x.  20 trainee trainee  12288 Jul 14 03:13 lib
drwxr-xr-x.   5 trainee trainee   4096 Jun 14 10:33 LICENSES
-rw-r--r--.   1 trainee trainee   9559 Jun 14 10:33 .mailmap
-rw-r--r--.   1 trainee trainee 471696 Jun 14 10:33 MAINTAINERS
-rw-r--r--.   1 trainee trainee  61558 Jun 14 10:33 Makefile
-rw-r--r--.   1 trainee trainee   1324 Jun 14 10:33 Makefile.rhelver
-rw-r--r--.   1 trainee trainee      0 Jul 14 03:13 .mismatches
drwxr-xr-x.   3 trainee trainee   4096 Jun 14 10:33 mm
drwxr-xr-x.  72 trainee trainee   4096 Jun 14 10:33 net
-rw-r--r--.   1 trainee trainee    800 Jun 14 10:33 README
drwxr-xr-x.  28 trainee trainee   4096 Jun 14 10:33 samples
-rw-r--r--.   1 trainee trainee      0 Jul 14 03:12 .scmversion
drwxr-xr-x.  14 trainee trainee   4096 Jul 14 03:13 scripts
drwxr-xr-x.  10 trainee trainee   4096 Jun 14 10:33 security
drwxr-xr-x.  26 trainee trainee   4096 Jun 14 10:33 sound
drwxr-xr-x.  33 trainee trainee   4096 Jun 14 10:33 tools
drwxr-xr-x.   2 trainee trainee   4096 Jul 14 03:13 usr
drwxr-xr-x.   4 trainee trainee   4096 Jun 14 10:33 virt
Le Fichier .config
Changez de répertoire de travail :
[trainee@centos8 SPECS]$ cd ~/rpmbuild/BUILD/kernel-*/linux-*/
Copiez le fichier configs/kernel-4.18.0-`uname -m`.config vers .config dans le répertoire courant :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cp configs/kernel-4.18.0-`uname -m`.config .config
Mettez à jour le fichier .config par rapport à la configuration actuelle du noyau :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ make oldconfig scripts/kconfig/conf --oldconfig Kconfig # # configuration written to .config #
Important - Cette commande lit le fichier .config du noyau actuel et le compare avec celui des sources du noyau. S'il existent des nouvelles configurations à effectuer dans les sources du noyau, la commande vous pose des questions.
La configuration du noyau se trouve dans un fichier dénommé .config. Le fichier .config est généré par une des trois commandes suivantes et ne doit pas être édité manuellement :
- make config
- make menuconfig
- make xconfig
Run the make menuconfig command:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ make menuconfig
UPD scripts/kconfig/.mconf-cfg
HOSTCC scripts/kconfig/mconf.o
HOSTCC scripts/kconfig/lxdialog/checklist.o
HOSTCC scripts/kconfig/lxdialog/inputbox.o
HOSTCC scripts/kconfig/lxdialog/menubox.o
HOSTCC scripts/kconfig/lxdialog/textbox.o
HOSTCC scripts/kconfig/lxdialog/util.o
HOSTCC scripts/kconfig/lxdialog/yesno.o
HOSTLD scripts/kconfig/mconf
scripts/kconfig/mconf Kconfig
#
# using defaults found in /boot/config-4.18.0-305.7.1.el8_4.x86_64
#
In the interface, you can see lines corresponding to features, each followed by a letter or a value. When it is a letter, the meaning is as follows:
- y: the feature is built into the monolithic kernel or, in the case of a module dependency, into the module concerned,
- m: the feature is built as a module,
- n: the feature is not included.
Important - This command allows the kernel configuration to be modified.
Simply save the current configuration and leave the interface:
*** End of the configuration.
*** Execute 'make' to start the build or try 'make help'.
Check that the .config file was created by running make menuconfig:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ ls -a
. certs configs Documentation .get_maintainer.conf .gitlab-ci.yml Kbuild LICENSES Makefile.rhelver README security virt .. .clang-format COPYING-4.18.0 drivers .get_maintainer.ignore include Kconfig .mailmap .mismatches samples sound arch .cocciconfig CREDITS firmware .gitattributes init kernel MAINTAINERS mm .scmversion tools block .config crypto fs .gitlab-ci-private.yml ipc lib Makefile net scripts usr
View this file:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ more .config
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.18.0 Kernel Configuration
#
#
# Compiler: gcc (GCC) 8.4.1 20200928 (Red Hat 8.4.1-1)
#
CONFIG_64BIT=y
CONFIG_X86_64=y
CONFIG_X86=y
CONFIG_INSTRUCTION_DECODER=y
CONFIG_OUTPUT_FORMAT="elf64-x86-64"
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_MMU=y
CONFIG_ARCH_MMAP_RND_BITS_MIN=28
CONFIG_ARCH_MMAP_RND_BITS_MAX=32
CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_ARCH_HAS_CPU_RELAX=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_ARCH_HAS_FILTER_PGPROT=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
CONFIG_ZONE_DMA32=y
CONFIG_AUDIT_ARCH=y
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_HAVE_INTEL_TXT=y
CONFIG_X86_64_SMP=y
--More--(0%)
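The y/m/n states described above can be compared mechanically between the distribution's config and the one saved from make menuconfig, which shows whether a rebuild switched off a protection without anyone noticing. The script below is an added example, not part of the original course material; the two sample configs are constructed, and the watch list of hardening options is an assumption to adapt to your own policy.

```shell
#!/bin/sh
# Added example: report what changed between two kernel .config files.

# Constructed sample: a few lines in the format of the distribution .config.
baseline_config() {
cat <<'EOF'
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.18.0 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_MODULE_SIG=y
CONFIG_SECURITY_SELINUX=y
CONFIG_EXT4_FS=m
# CONFIG_DEBUG_KMEMLEAK is not set
CONFIG_ARCH_MMAP_RND_BITS_MIN=28
EOF
}

# Constructed sample: the same options after a hypothetical menuconfig session.
custom_config() {
cat <<'EOF'
# x86_64
CONFIG_64BIT=y
# CONFIG_MODULE_SIG is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_EXT4_FS=y
CONFIG_DEBUG_KMEMLEAK=y
CONFIG_ARCH_MMAP_RND_BITS_MIN=28
EOF
}

# diff_configs OLD NEW
# Prints "SYMBOL old -> new" for every option whose state differs.
# "# CONFIG_FOO is not set" and a missing symbol both count as state n.
diff_configs() {
  awk '
    { sym = ""; val = "" }
    /^# CONFIG_[A-Za-z0-9_]+ is not set$/ { sym = $2; val = "n" }
    /^CONFIG_[A-Za-z0-9_]+=/ {
      eq = index($0, "=")
      sym = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
    }
    sym == "" { next }                      # other comments and blank lines
    FNR == NR { before[sym] = val; next }   # first file
    { after[sym] = val }                    # second file
    END {
      for (s in before) {
        now = (s in after) ? after[s] : "n"
        if (before[s] != now) print s, before[s], "->", now
      }
      for (s in after)
        if (!(s in before) && after[s] != "n") print s, "n", "->", after[s]
    }
  ' "$1" "$2" | LC_ALL=C sort
}

# Assumption: options a reviewer wants to stay enabled across a rebuild.
WATCHLIST="CONFIG_MODULE_SIG CONFIG_SECURITY_SELINUX CONFIG_STRICT_KERNEL_RWX CONFIG_RANDOMIZE_BASE"

# weakened_options OLD NEW
# Prints watch-list symbols that went from y or m to n.
weakened_options() {
  diff_configs "$1" "$2" | awk -v list="$WATCHLIST" '
    BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
    ($1 in watch) && ($2 == "y" || $2 == "m") && $NF == "n" { print $1 }
  '
}

# Demonstration on the constructed samples.
demo() {
  tmp=$(mktemp -d)
  baseline_config > "$tmp/baseline.config"
  custom_config > "$tmp/custom.config"
  echo "Changed options:"
  diff_configs "$tmp/baseline.config" "$tmp/custom.config"
  echo "Watch-list options that were disabled:"
  weakened_options "$tmp/baseline.config" "$tmp/custom.config"
  rm -rf "$tmp"
}
demo
```

On the lab machine the two arguments would be configs/kernel-4.18.0-`uname -m`.config and the .config saved by make menuconfig.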
The Makefile
The Makefile contains the kernel name and specifies the following information:
- VERSION,
- PATCHLEVEL,
- SUBLEVEL,
- EXTRAVERSION.
The first three values are managed by kernel.org and Linus Torvalds himself, while EXTRAVERSION is managed by Red Hat:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ more Makefile
# SPDX-License-Identifier: GPL-2.0
VERSION = 4
PATCHLEVEL = 18
SUBLEVEL = 0
EXTRAVERSION =
NAME = Merciless Moray
#
# DRM backport version
#
RHEL_DRM_VERSION = 5
RHEL_DRM_PATCHLEVEL = 9
RHEL_DRM_SUBLEVEL = 14
# *DOCUMENTATION*
# To see a list of typical targets execute "make help"
# More info can be located in ./README
# Comments in this file are targeted only to the developer, do not
# expect to learn how to build the kernel reading this file.
# That's our default target when none is given on the command line
PHONY := _all
_all:
# o Do not use make's built-in rules and variables
# (this increases performance and avoids hard-to-debug behaviour);
# o Look for make include files relative to root of kernel src
MAKEFLAGS += -rR --include-dir=$(CURDIR)
# Avoid funny character set dependencies
unexport LC_ALL
LC_COLLATE=C
LC_NUMERIC=C
export LC_COLLATE LC_NUMERIC
# Avoid interference with shell env settings
unexport GREP_OPTIONS
# Set RHEL variables
# Use this spot to avoid future merge conflicts
include Makefile.rhelver
# We are using a recursive build, so we need to do a little thinking
--Plus--(2%)
Important - Version 2.6 of the kernel was released in 2003. The SUBLEVEL values followed one another regularly. With version 2.6 of the kernel, an even PATCHLEVEL value indicated that the kernel was stable. When you recompile the kernel from source, you must change the EXTRAVERSION value. The move to version 3.0 was decided by Linus Torvalds to mark the 20th anniversary of the Linux kernel. Since version 3 of the kernel, the meaning attached to even and odd PATCHLEVEL values has been abandoned.
2.4 - Configuring the Kernel
Insert the output of the uname -i command on the first line of the .config file:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ uname -i
x86_64
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ vi .config
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ head .config
# x86_64
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.18.0 Kernel Configuration
#
#
# Compiler: gcc (GCC) 8.4.1 20200928 (Red Hat 8.4.1-1)
#
CONFIG_64BIT=y
Rename the .config file while placing it in the ~/rpmbuild/SOURCES/ directory:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cp .config ~/rpmbuild/SOURCES/config-`uname -m`-generic
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ ls ~/rpmbuild/SOURCES
centos-ca-secureboot.der cpupower.config filter-x86_64.sh kernel-s390x.config mod-extra.list Module.kabi_s390x centos-dup.x509 cpupower.service generate_all_configs.sh kernel-s390x-debug.config mod-internal.list Module.kabi_x86_64 centos-kpatch.x509 debrand-rh-i686-cpu.patch generate_bls_conf.sh kernel-s390x-zfcpdump.config mod-sign.sh parallel_xz.sh centos.pem debrand-rh_taint.patch kernel-aarch64.config kernel-x86_64.config Module.kabi_aarch64 process_configs.sh centossecureboot001.der debrand-single-cpu.patch kernel-aarch64-debug.config kernel-x86_64-debug.config Module.kabi_dup_aarch64 x509.genkey centossecureboot201.der filter-aarch64.sh kernel-abi-stablelists-4.18.0-305.tar.bz2 kvm_stat.logrotate Module.kabi_dup_ppc64le centossecurebootca2.der filter-modules.sh kernel-kabi-dw-4.18.0-305.tar.bz2 linux-4.18.0-305.7.1.el8_4.tar.xz Module.kabi_dup_s390x check-kabi filter-ppc64le.sh kernel-ppc64le.config linux-kernel-test.patch Module.kabi_dup_x86_64 config-x86_64-generic filter-s390x.sh kernel-ppc64le-debug.config mod-blacklist.sh Module.kabi_ppc64le
Copy the contents of the configs directory to the ~/rpmbuild/SOURCES/ directory:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cp configs/* ~/rpmbuild/SOURCES/
Edit the buildid directive in the ~/rpmbuild/SPECS/kernel.spec file:
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cd ~/rpmbuild/SPECS
[trainee@centos8 SPECS]$ vi kernel.spec
[trainee@centos8 SPECS]$ head -n 50 kernel.spec
# We have to override the new %%install behavior because, well... the kernel is special.
%global __spec_install_pre %{___build_pre}
# At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
# compression for rpms (xz, level 2).
# Kernel has several large (hundreds of mbytes) rpms, they take ~5 mins
# to compress by single-threaded xz. Switch to threaded compression,
# and from level 2 to 3 to keep compressed sizes close to "w2" results.
#
# NB: if default compression in /usr/lib/rpm/redhat/macros ever changes,
# this one might need tweaking (e.g. if default changes to w3.xzdio,
# change below to w4T.xzdio):
%define _binary_payload w3T.xzdio
# For a kernel released for public testing, released_kernel should be 1.
# For internal testing builds during development, it should be 0.
%global released_kernel 1
%global distro_build 305
# Sign the x86_64 kernel for secure boot authentication
%ifarch x86_64 aarch64
%global signkernel 1
%else
%global signkernel 0
%endif
# Sign modules on all arches
%global signmodules 1
# Compress modules only for architectures that build modules
%ifarch noarch
%global zipmodules 0
%else
%global zipmodules 1
%endif
%if %{zipmodules}
%global zipsed -e 's/\.ko$/\.ko.xz/'
%endif
%define buildid .i2tch
%define rpmversion 4.18.0
%define pkgrelease 305.7.1.el8_4
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 305.7.1%{?dist}
%define pkg_release %{specrelease}%{?buildid}
2.5 - Compiling the Kernel
Compiling the kernel can take a long time (~5 hours). The command used is the following:
[trainee@centos7 SPECS]$ rpmbuild -bb --target=`uname -m` kernel.spec 2> build-err.log | tee build-out.log &
Important - The compilation can take hours. Therefore stop the process with ^C. Then shut down your VM. Ask your trainer to start the VM containing the already compiled kernel.
When the process completes, the RPMs are located in the /home/trainee/rpmbuild/RPMS/x86_64/ directory:
...
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-cross-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debuginfo-common-x86_64-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/python3-perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/python3-perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-libs-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-libs-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/bpftool-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/bpftool-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-selftests-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-ipaclones-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.rkOgfs
[1]+ Done rpmbuild -bb --target=`uname -m` kernel.spec 2> build-err.log | tee build-out.log
[trainee@centos8 SPECS]$ cd ../RPMS
[trainee@centos8 RPMS]$ ls
x86_64
[trainee@centos8 RPMS]$ cd x86_64/
[trainee@centos8 x86_64]$ ls
bpftool-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-selftests-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm bpftool-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-libs-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-cross-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-ipaclones-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm python3-perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm python3-perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Note that building the new kernel can consume up to 21 GB of disk space:
[trainee@centos8 x86_64]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.8G 0 1.8G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 9.4M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/cl_centos8-root 28G 5.5G 23G 20% /
/dev/sda1 976M 289M 620M 32% /boot
tmpfs 374M 24K 374M 1% /run/user/1000
tmpfs 374M 1.2M 373M 1% /run/user/42
/dev/sdc1 63G 21G 39G 35% /home
2.6 - Installing the New Kernel
Now install the kernel* packages. Installing the kernel can take a long time (~2 hours). The command used is the following:
[root@centos8 x86_64]# dnf localinstall kernel-*.rpm
Last metadata expiration check: 2:25:32 ago on Tue 20 Jul 2021 08:37:00 EDT.
Dependencies resolved.
===============================================================================================================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================================================================================================
Installing:
kernel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M
kernel-core x86_64 4.18.0-305.7.1.el8.i2tch @commandline 36 M
kernel-cross-headers x86_64 4.18.0-305.7.1.el8.i2tch @commandline 11 M
kernel-debug x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M
kernel-debug-core x86_64 4.18.0-305.7.1.el8.i2tch @commandline 63 M
kernel-debug-debuginfo x86_64 4.18.0-305.7.1.el8.i2tch @commandline 683 M
kernel-debug-devel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 19 M
kernel-debug-modules x86_64 4.18.0-305.7.1.el8.i2tch @commandline 54 M
kernel-debug-modules-extra x86_64 4.18.0-305.7.1.el8.i2tch @commandline 7.2 M
kernel-debug-modules-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.3 M
kernel-debuginfo x86_64 4.18.0-305.7.1.el8.i2tch @commandline 570 M
kernel-debuginfo-common-x86_64 x86_64 4.18.0-305.7.1.el8.i2tch @commandline 75 M
kernel-devel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 18 M
kernel-ipaclones-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 20 M
kernel-modules x86_64 4.18.0-305.7.1.el8.i2tch @commandline 28 M
kernel-modules-extra x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.5 M
kernel-modules-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.1 M
kernel-selftests-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 19 M
kernel-tools-debuginfo x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.2 M
kernel-tools-libs-devel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M
Downgrading:
kernel-headers x86_64 4.18.0-305.7.1.el8.i2tch @commandline 7.1 M
kernel-tools x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.1 M
kernel-tools-libs x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M
Transaction Summary
===============================================================================================================================================================================================================
Install 20 Packages
Downgrade 3 Packages
Total size: 1.6 G
Is this ok [y/N]: y
When the installation completes, restart the VM:
[root@centos7 ~]# reboot
Log in as trainee and become root. Then list the installed kernels:
[root@centos8 ~]# rpm -qa | grep kernel
kernel-modules-4.18.0-305.3.1.el8.x86_64
kernel-tools-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-headers-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-debug-core-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-modules-4.18.0-305.7.1.el8_4.x86_64
kernel-debug-modules-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-devel-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-tools-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-tools-libs-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-debug-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-cross-headers-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-core-4.18.0-305.7.1.el8_4.x86_64
kernel-devel-4.18.0-305.7.1.el8_4.x86_64
kernel-debuginfo-common-x86_64-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-debug-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-debug-devel-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-tools-libs-devel-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-4.18.0-305.7.1.el8_4.x86_64
kernel-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-core-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-selftests-internal-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-debug-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-debug-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-4.18.0-305.3.1.el8.x86_64
kernel-core-4.18.0-305.3.1.el8.x86_64
kernel-modules-4.18.0-305.7.1.el8.i2tch.x86_64
kernel-ipaclones-internal-4.18.0-305.7.1.el8.i2tch.x86_64
Note the saved_entry entry in the /boot/grub2/grubenv file:
[root@centos8 ~]# grep i2tch /boot/grub2/grubenv
saved_entry=95bd69e34a7444a7b58cb74fbfb86df2-4.18.0-305.7.1.el8.i2tch.x86_64
Finally, check that the new kernel is in use:
[root@centos8 ~]# uname -r
4.18.0-305.7.1.el8.i2tch.x86_64
LAB #3 - Managing Quotas
Under Linux it is possible to set up quotas per user and per group. That said, Linux cannot manage quotas per directory, only quotas per partition. The administrator often sets up quotas on the /home tree to limit the storage space occupied by users.
Log out and log back in directly as root:
root@computeXX:~# ssh -l root 10.0.2.45
root@10.0.2.45's password: fenestros
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Wed Jul 21 11:14:31 2021
[root@centos8 ~]#
Before setting up quotas, set SELinux to permissive mode so that it does not produce errors:
[root@centos8 ~]# getenforce
Enforcing
[root@centos8 ~]# setenforce permissive
[root@centos8 ~]# getenforce
Permissive
[root@centos8 ~]#
Then edit the /etc/sysconfig/selinux file as follows:
[root@centos8 ~]# vi /etc/sysconfig/selinux
[root@centos8 ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Start by checking that the quota package is installed:
[root@centos8 ~]# rpm -qa | grep quota
quota-4.04-12.el8.x86_64
quota-nls-4.04-12.el8.noarch
Edit the /etc/fstab file, adding the usrquota and grpquota options to the /home line:
[root@centos8 ~]# vi /etc/fstab
[root@centos8 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed Jun 16 06:21:32 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cl_centos8-root / xfs defaults 0 0
UUID=1c04981e-5317-4b73-9695-3ce25246835d /boot ext4 defaults 1 2
/dev/mapper/cl_centos8-swap swap swap defaults 0 0
UUID=f76d6b66-985b-4a91-af9c-4987e8c1443c /home ext4 defaults,usrquota,grpquota 1 2
Restart the VM:
[root@centos8 ~]# reboot
Log back in directly as root:
root@computeXX:~# ssh -l root 10.0.2.45
root@10.0.2.45's password: fenestros
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Wed Jul 21 11:19:46 2021
[root@centos8 ~]#
Then check that the usrquota and grpquota options have been taken into account:
[root@centos8 ~]# cat /etc/mtab | grep /home
/dev/sdc1 /home ext4 rw,seclabel,relatime,quota,usrquota,grpquota 0 0
3.1 - The quotacheck Command
To activate quotas on /home, use the quotacheck command:
[root@centos8 ~]# quotacheck -cugvm -f /dev/sdc1
quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
quotacheck: Scanning /dev/sdc1 [/home] done
quotacheck: Cannot stat old user quota file /home/aquota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file /home/aquota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old user quota file /home/aquota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file /home/aquota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Checked 6763 directories and 129772 files
quotacheck: Old file not found.
quotacheck: Old file not found.
The options of the quotacheck command are:
[root@centos8 ~]# quotacheck --help
Utility for checking and repairing quota files.
quotacheck [-gucbfinvdmMR] [-F <quota-format>] filesystem|-a
-u, --user check user files
-g, --group check group files
-c, --create-files create new quota files
-b, --backup create backups of old quota files
-f, --force force check even if quotas are enabled
-i, --interactive interactive mode
-n, --use-first-dquot use the first copy of duplicated structure
-v, --verbose print more information
-d, --debug print even more messages
-m, --no-remount do not remount filesystem read-only
-M, --try-remount try remounting filesystem read-only, continue even if it fails
-R, --exclude-root exclude root when checking all filesystems
-F, --format=formatname check quota files of specific format
-a, --all check all filesystems
-h, --help display this message and exit
-V, --version display version information and exit
Bugs to jack@suse.cz
Quotas have been activated and the aquota.user and aquota.group files have been created in the /home directory:
[root@centos8 ~]# ls -la /home
total 40
drwxr-xr-x. 4 root root 4096 Jul 21 11:27 .
dr-xr-xr-x. 17 root root 224 Jul 19 12:05 ..
-rw-------. 1 root root 7168 Jul 21 11:27 aquota.group
-rw-------. 1 root root 7168 Jul 21 11:27 aquota.user
drwx------. 2 root root 16384 Jul 19 12:02 lost+found
drwxr-xr-x. 17 trainee trainee 4096 Jul 21 11:22 trainee
Now create a user fenestros with the password fenestros:
[root@centos8 ~]# groupadd fenestros && useradd fenestros -c FenestrOs -d /home/fenestros -g fenestros -s /bin/bash
[root@centos8 ~]# passwd fenestros
Changing password for user fenestros.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
3.2 - The edquota Command
Now set up a quota of 10 MB for the user fenestros:
[root@centos8 ~]# edquota -u fenestros -f /home
The vi editor starts and you will get a result similar to this:
Disk quotas for user fenestros (uid 1001):
Filesystem blocks soft hard inodes soft hard
/dev/sdc1 0 0 0 0 0 0
Modify this file as follows:
Disk quotas for user fenestros (uid 1001):
Filesystem blocks soft hard inodes soft hard
/dev/sdc1 0 8000 10000 0 0 0
Save and quit the file.
The options of the edquota command are:
[root@centos8 ~]# edquota --help
edquota: Usage:
edquota [-rm] [-u] [-F formatname] [-p username] [-f filesystem] username ...
edquota [-rm] -g [-F formatname] [-p groupname] [-f filesystem] groupname ...
edquota [-rm] -P [-F formatname] [-p projectname] [-f filesystem] projectname ...
edquota [-u|g|-P] [-F formatname] [-f filesystem] -t
edquota [-u|g|-P] [-F formatname] [-f filesystem] -T username|groupname|projectname ...
-u, --user edit user data
-g, --group edit group data
-P, --project edit project data
-r, --remote edit remote quota (via RPC)
-m, --no-mixed-pathnames trim leading slashes from NFSv4 mountpoints
-F, --format=formatname edit quotas of a specific format
-p, --prototype=name copy data from a prototype user/group
--always-resolve always try to resolve name, even if it is composed only of digits
-f, --filesystem=filesystem edit data only on a specific filesystem
-t, --edit-period edit grace period
-T, --edit-times edit grace time of a user/group
-h, --help display this help text and exit
-V, --version display version information and exit
Bugs to: jack@suse.cz
Important - To set up a quota per group, the procedure is similar. Simply use the -g option of the edquota command.
3.3 - The quotaon Command
Now apply the quotas:
[root@centos8 ~]# quotaon -a
The options of the quotaon command are:
[root@centos8 ~]# quotaon --help
quotaon: Usage:
quotaon [-guPvp] [-F quotaformat] [-x state] -a
quotaon [-guPvp] [-F quotaformat] [-x state] filesys ...
-a, --all turn quotas on for all filesystems
-f, --off turn quotas off
-u, --user operate on user quotas
-g, --group operate on group quotas
-P, --project operate on project quotas
-p, --print-state print whether quotas are on or off
-x, --xfs-command=cmd perform XFS quota command
-F, --format=formatname operate on specific quota format
-v, --verbose print more messages
-h, --help display this help text and exit
-V, --version display version information and exit
In this way you have set up a soft quota of 8,000 KB and a hard quota of 10,000 KB for fenestros.
When the user fenestros exceeds the soft quota, he will receive a warning message. When he exceeds the hard quota, he will no longer be able to save anything in /home, unless he deletes files to fall back below the hard limit.
Note that you can set up either a quota on size or a quota based on the number of inodes used by the user.
Important - The command to disable quotas is quotaoff.
3.4 - The repquota Command
To view the quotas, use the repquota command:
[root@centos8 ~]# repquota /home
*** Report for user quotas on device /dev/sdc1
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 20 0 0 2 0 0
trainee -- 21495888 0 0 136532 0 0
Important - Note that the user fenestros does not appear in the list. Under RHEL / CentOS, the quota is not visible until the user has logged in for the first time.
The options of the repquota command are:
[root@centos8 ~]# repquota --help
repquota: Utility for reporting quotas.
Usage:
repquota [-vugsi] [-c|C] [-t|n] [-F quotaformat] [-O (default | xml | csv)] (-a | mntpoint)
-v, --verbose display also users/groups without any usage
-u, --user display information about users
-g, --group display information about groups
-P, --project display information about projects
-s, --human-readable show numbers in human friendly units (MB, GB, ...)
-t, --truncate-names truncate names to 9 characters
-p, --raw-grace print grace time in seconds since epoch
-n, --no-names do not translate uid/gid to name
-i, --no-autofs avoid autofs mountpoints
-c, --cache translate big number of ids at once
-C, --no-cache translate ids one by one
-F, --format=formatname report information for specific format
-O, --output=format format output as xml or csv
-a, --all report information for all mount points with quotas
-h, --help display this help message and exit
-V, --version display version information and exit
Bugs to jack@suse.cz
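The repquota report shown above can be checked by a script, for instance from cron, to list accounts past their soft limit and accounts on the quota-enabled filesystem that have no block limit at all. This is an added example, not part of the original course material; the fenestros and alice rows in the sample are constructed, and leaving root out of the "no limit" list is an assumption.

```shell
#!/bin/sh
# Added example: classify each account in a repquota report.

# Constructed sample in the layout printed by "repquota /home".
# The root and trainee rows follow the report above; fenestros and alice are invented.
sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/sdc1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
trainee   -- 21495888       0       0         136532     0     0
fenestros +-    8500    8000   10000  6days      12     0     0
alice     +-    9000    8000   10000   none       4     0     0

EOF
}

# parse_repquota: reads a report on stdin, prints "user used soft hard state".
# The block grace column only exists when the first flag character is "+",
# so it is read conditionally instead of by fixed position.
# States: hard      usage has reached the hard limit
#         expired   over the soft limit and the grace period is over ("none")
#         soft      over the soft limit, grace period still running
#         unlimited no block limit configured
#         ok        limits configured and respected
parse_repquota() {
  awk '
    /^-+$/ { body = 1; next }          # rows start after the dashed line
    !body || NF < 8 { next }           # headers, blank lines, trailers
    {
      user = $1; flags = $2
      used = $3 + 0; soft = $4 + 0; hard = $5 + 0
      grace = ""
      if (substr(flags, 1, 1) == "+") grace = $6
      if (hard > 0 && used >= hard)        state = "hard"
      else if (soft > 0 && used > soft)    state = (grace == "none") ? "expired" : "soft"
      else if (soft == 0 && hard == 0)     state = "unlimited"
      else                                 state = "ok"
      print user, used, soft, hard, state
    }
  '
}

# Accounts that need attention because they are past the soft limit.
over_soft_users() {
  parse_repquota | awk '$5 == "soft" || $5 == "expired" || $5 == "hard" { print $1 }'
}

# Accounts with no block limit; root is skipped (assumption: no limit is intended for it).
unlimited_users() {
  parse_repquota | awk '$5 == "unlimited" && $1 != "root" { print $1 }'
}

# Demonstration on the constructed sample.
# On the lab machine: repquota /home | over_soft_users
echo "All accounts:"
sample_report | parse_repquota
echo "Over soft limit:"
sample_report | over_soft_users
echo "No block limit:"
sample_report | unlimited_users
```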
3.5 - The quota Command
To view the quotas of a specific user, use the quota command:
[root@centos8 ~]# quota fenestros
Disk quotas for user fenestros (uid 1001): no limited resources used
[root@centos8 ~]# su - fenestros
[fenestros@centos8 ~]$ touch test
[fenestros@centos8 ~]$ exit
logout
[root@centos8 ~]# quota fenestros
Disk quotas for user fenestros (uid 1001):
Filesystem blocks quota limit grace files quota limit grace
/dev/sdc1 8 8000 10000 3 0 0
The options of the quota command are:
[root@centos8 ~]# quota --help
quota: Usage:
quota [-guPqvswim] [-l | [-Q | -A]] [-F quotaformat]
quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -u username ...
quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -g groupname ...
quota [-qvswugPQm] [-F quotaformat] -f filesystem ...
-u, --user display quota for user
-g, --group display quota for group
-P, --project display quota for project
-q, --quiet print more terse message
-v, --verbose print more verbose message
-s, --human-readable display numbers in human friendly units (MB, GB...)
--always-resolve always try to translate name to id, even if it is composed of only digits
-w, --no-wrap do not wrap long lines
-p, --raw-grace print grace time in seconds since epoch
-l, --local-only do not query NFS filesystems
-Q, --quiet-refuse do not print error message when NFS server does not respond
-i, --no-autofs do not query autofs mountpoints
-F, --format=formatname display quota of a specific format
-f, --filesystem-list display quota information only for given filesystems
-A, --all-nfs display quota for all NFS mountpoints
-m, --no-mixed-pathnames trim leading slashes from NFSv4 mountpoints
--show-mntpoint show mount point of the file system in output
--hide-device do not show file system device in output
-h, --help display this help message and exit
-V, --version display version information and exit
Bugs to: jack@suse.cz
3.6 - The warnquota Command
The warnquota command checks the disk or disks and sends an e-mail message to every user who has exceeded the soft limit. It is generally called by a cron job. However, it can also be called interactively.
Under RHEL/CentOS, warnquota is not installed by default:
[root@centos8 ~]# which warnquota
/usr/bin/which: no warnquota in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
So install the quota-warnquota package:
[root@centos7 ~]# dnf install quota-warnquota
...
The options of the warnquota command are:
[root@centos8 ~]# warnquota --help
warnquota: Usage:
warnquota [-ugsid] [-F quotaformat] [-c configfile] [-q quotatabfile] [-a adminsfile] [filesystem...]
-u, --user warn users
-g, --group warn groups
-s, --human-readable send information in more human friendly units
-i, --no-autofs avoid autofs mountpoints
-d, --no-details do not send quota information itself
-F, --format=formatname use quotafiles of specific format
-c, --config=config-file non-default config file
-q, --quota-tab=quotatab-file non-default quotatab
-a, --admins-file=admins-file non-default admins file
-h, --help display this help message and exit
-v, --version display version information and exit
warnquota: Bugs to jack@suse.cz
Copyright © 2021 Hugh Norris.