RHCSA module 2 – Log management, disk partition and LVM management

Log management, disk partition and LVM management  for RHCSA-An introduction

Log management, disk partition and LVM management are important aspect from RHCSA point of view.This is the second tutorial of module-2 of RHCSA curriculum. We have discussed process management, software management, job scheduling and virtualisation tutorial in part-1 of Module-2 of RHCSA.

You can access following link to have a look on previous part of RHCSA module-2 published in this RHCSA series:

RHCSA module 2 – Operating Red Hat Enterprise Server 7


1. Log  management with rsyslogd and journald in Red Hat Linux 7

Logs are created by various Linux process during various operations, there are multiple methods used in Red Hat Linux which are used in Red Hat Linux to mange logs. Logs can be generate by the running process itself somewhere on to the system. Another method is that systemctl start a process and keep track of that running process and store all of the logs related to the service in journald. Another classical method of storing logs is via using rsyslogd and all of the logs are written in /etc/log/ directory.


In RHEL 7 systemd is responsible for starting a process and if something goes wrong logs are stored in journald, rsyslog take care of processes when they are running in current.  

Use journalctl to get a view fo logs from very begening of booting time

# journalctl


Get boot information with -b option

# journalctl -b

Use anotger filer to get a log view since yesterday

# journalctl –since=yesterday

Journald gets its information from systemctl, let us get inofrmation of sshd service

# journalctl -u sshd --since=yesterday

Sample output


You can see recent sshd activity is logged

To get more detailed infomration use versbose option

# journalctl -u sshd --since=yesterday -o verbose


We can even use systemctl to get detailed information about an service

# systemctl status sshd -l


An important thing to keep in mind is that what if all of the logs keep getting stored on to the system, logs get generated every moment and you can get out of storage soon, therefore it is imortant to make sure after a specific time period old logs must got vanished and new logs file needs to created.

To manage that ageing of logs we configure logrotate.

Attempt ssh login with user with a wrong password, and have a look in log files

# vim /etc/logrotate.conf


A pre-configured life span of logs will be one week, you can compress logs, or copy of old file cab be kept, you can configure your settings in this configuration file.

Logrotate run as cornjob, have a look

# cd /etc/cron.daily/ && ls


2. Managing disk partitions in Red Hat Linux 7

We have added a new virtual disk to describe disk partitioning in Linux, current disk status of system can be found in /proc/partition file, have a look

# cat /proc/partition

Sample output

major minor #blocks name

11 0 1048575 sr0
 8 0 52428800 sda
 8 1 512000 sda1
 8 2 51915776 sda2
 253 0 48721920 dm-0
 253 1 3145728 dm-1
 8 16 8388608 sdb

Newly created disk is listed as sdb, there is not any current partition with sdb.

Create a new partition on sdb with fdisk

# fdisk /dev/sdb

Sample output

Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x0ff4deb1.

Command (m for help):

You can see that there is no partition on sdb,  type m for help

Command (m for help): m
Command action
 a toggle a bootable flag
 b edit bsd disklabel
 c toggle the dos compatibility flag
 d delete a partition
 g create a new empty GPT partition table
 G create an IRIX (SGI) partition table
 l list known partition types
 m print this menu
 n add a new partition
 o create a new empty DOS partition table
 p print the partition table
 q quit without saving changes
 s create a new empty Sun disklabel
 t change a partition's system id
 u change display/entry units
 v verify the partition table
 w write table to disk and exit
 x extra functionality (experts only)

Type p to get current status of disk

Disk /dev/sdb: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0ff4deb1

Device Boot Start End Blocks Id System

Press n to create a new partition

Partition type:
 p primary (0 primary, 0 extended, 4 free)
 e extended
Select (default p):

Select primary partition, which is default, press p

Select (default p): p
Partition number (1-4, default 1):

Press 1 to create first primary partition

First sector (2048-16777215, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-16777215, default 16777215):

Create a last sector of suppose 1 GB, if you will press enter the entire disk will be selected which is not an good idea, let us create new partition.

Last sector, +sectors or +size{K,M,G} (2048-16777215, default 16777215): +1G
Partition 1 of type Linux and of size 1 GiB is set

Command (m for help):

Press p again and new disk has one partition


Press w to write the partition on disk and quit.

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Disk partition is created, let us create some file system to that newly created disk partition, use mkfs to create a partition.

# mkfs
mkfs mkfs.cramfs mkfs.ext3 mkfs.fat mkfs.minix mkfs.vfat
mkfs.btrfs mkfs.ext2 mkfs.ext4 mkfs.gfs2 mkfs.msdos mkfs.xfs

There are may file system options are available.

# mkfs.xfs /dev/sdb1

Sample output

meta-data=/dev/sdb1 isize=256 agcount=4, agsize=65536 blks
 = sectsz=512 attr=2, projid32bit=1
 = crc=0 finobt=0
data = bsize=4096 blocks=262144, imaxpct=25
 = sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0

If you needs to create windows compatible disk partition, use mkfs.vfat option.

Mount partition in /etc/fstab in Red Hat Linux 7

Open /etc/fstab file and have a look:


Every partition have their unique id, which can be listed with blkid

# blkid

Selection_076Create a new directory

# mkdir /mount

Let us mount created /dev/sdb1 partition to /mount

open /etc/fstab file

# vim /etc/ftab

Mount /deb/sdb1 to /mount with file system type xfs that we have created, keep rest of the things as default.


Save and exit and mount all partitions to activate that newly mounted file system.

# mount -a

Mount file system with UUID instead of partition name i.e. /dev/sdb1, use blkid to gerb your UUID, it is never going to be change so it is more secure and stable method to mount with UUID, copy that UUID.

Mount partition with UUID in /etc/fstab

# vim /etc/fstab



Use mount -a to remount this new UUID based partition and use df command to list partition, our newly created partition is listed there:

# df


Created encrypted partition is Red Hat Linux 7

Let us create another disk partition so create a new encrypted partition


Create encrypted partition using cryptsetup.

# cryptsetup luksFormat /dev/sdb2

Type ‘YES’ in uppercase, use minimum 8 character  complicated password.


Create a new mount point

# mkdir /secured

Open that encrypted partition and give a name to that partition e.g. secured

# cryptsetup luksOpen /dev/sdb2 secured

This partition will be stored in /dev/mapper/, have a look

# cd /dev/mapper && ls


Path of that partition will be /dev/mapper/secured, let us create a file system for that encrypted partition.

# mkfs.xfs /dev/mapper/secured


Mount partition to /secured directory

# mount /dev/mapper/secured /secured/

Access this mounted encrypted partition.

# cd /secured && touch 1.txt

Close that secured device

Umount partition

# umount /secured

Close that device

# cryptsetup luksClose /dev/mapper/secured

Have a look in /dev/mapper again

# cd /dev/mapper && ls

That secured partion will not be visible anymore, as it is secured and not one will be able to access that encrypted partition.

To mount that partition, open file under /etc/ named as crypttab

# vim /etc/crypttab

Put entries as follows, secured is the name that we give to that secure partition i.e. /deb/sdb2

secured /dev/sdb2 none

Edit /etc/inittab as well

# vim /etc/inittab

Sample outlook

# /etc/fstab
# Created by anaconda on Thu Jun 9 18:25:50 2016
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/centos-root / xfs defaults 0 0
UUID=b731dea0-2d9b-4a4e-afff-74fdc829f5b6 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=0ccbc872-a2fe-496f-afec-db80e77689df /mount xfs defaults 1 2
/dev/mapper/secured /secured xfs defaults 0 0

Mount all partitions

# mount -a

Save and reboot the system, you will be asked for password


Give password which you have defined for secured device, only then you will be able to proceed.

So it could be an intresting way to even put an extra layer of security along with the root and grub security.

configure and managing LVM in Red Hat Linux 7

Create a LVM in Red Hat Linux 7

Logical volumes are more precised method to manage disk partitions, we can add more then one hard disk to logical volumes, we can easily resize them and they are easy to backup.

To create a new disk partition, create new partition using fdisk, change partition type, use l to get LVM code and create a new LVM type disk partition.

Create a physical volume with this new partition

# pvcreate /dev/sdb3

Verify that newly created physical volume

# pvs


Now create a volume group and let us give it a name umvg

# vgcreate umvg /dev/sdb3

Create a logical volume from this volume group of size of 512 MB and give a name to volume group

# lvcreate -n umlv -L 512M  umvg

Create a file system on that newly created logical volume

# mkfs.xfs /dev/umvg/umlv

Resize a LVM in Red Hat Linux 7

Create a new partition using fdisk, assume we have now /dev/sdb4

# vgextend umvg /dev/sdb4

Extend logical volume group as well, -r option will create file system automatically, +100%FREE will consume available free disk space, you can see in output that size of logical volume will be extended.

# lvextend -l +100%FREE -r /dev/umvg/umlv


Resize LVM size in Red Hat Linux 7

As we have extended volume size with LVM, let us reduce size as well.

Check file system first

# e2fsck /dev/umvg/umlv

Now reduce size of logical volume to 512 MB

# lvreduce -L 512M /dev/umvg/umlv

Sample output

WARNING: Reducing active logical volume to 512.00 MiB
 THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce umlv? [y/n]: y
 Size of logical volume umvg/umlv changed from 1020.00 MiB (255 extents) to 512.00 MiB (128 extents).
 Logical volume umlv successfully resized

Remount file systems

# mount -a

Have a look on latest status of lvm

# lvs


This was all about Disk management and logs management in Red Hat Linux 7.


The second module is over with this chapter, with next chapter we will begin with module-3 of RHCSA curriculum which will include Advanced System Administrations tasks. Stay tuned.