ifconfig is missing in the Minimal Install of Red Hat Enterprise Linux 7 (RHEL 7):
# ifconfig
-bash: ifconfig: command not found
In 2009, Red Hat decided to deprecate ifconfig as the default command-line network interface management utility, because the “net-tools” package (which provides ifconfig) did not support InfiniBand addresses (InfiniBand is an interconnect commonly used in high-performance computing applications). InfiniBand addresses were too big for ifconfig to display; therefore, it was necessary to deprecate ifconfig and to find a tool that could display long InfiniBand addresses.
You can still install the net-tools package to get the ifconfig command working. The following command will install “net-tools” on your system:
# yum install net-tools
Alternatives to ifconfig
Use ip addr to see the IP addresses of your networking devices:
# ip addr
1: lo: [LOOPBACK,UP,LOWER_UP] mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: [BROADCAST,MULTICAST,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:45:e9:ae brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.107/24 brd 192.168.1.255 scope global dynamic eno16777736
       valid_lft 86349sec preferred_lft 86349sec
    inet6 fe80::20c:29ff:fe45:e9ae/64 scope link
       valid_lft forever preferred_lft forever
Use the command nmcli d show (NetworkManager Command Line Interface, device, show) to see more in-depth information about your networking devices:
# nmcli d show
GENERAL.DEVICE:           eno16777736
GENERAL.TYPE:             ethernet
GENERAL.HWADDR:           00:0C:29:45:E9:AE
GENERAL.MTU:              1500
GENERAL.STATE:            100 (connected)
GENERAL.CONNECTION:       eno16777736
GENERAL.CON-PATH:         /org/freedesktop/NetworkManager/ActiveConnection/3
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS:              192.168.1.107/24
IP4.GATEWAY:              192.168.1.1
IP4.DNS:                  184.108.40.206
IP4.DNS:                  220.127.116.11
IP6.ADDRESS:              fe80::20c:29ff:fe45:e9ae/64
IP6.GATEWAY:

GENERAL.DEVICE:           lo
GENERAL.TYPE:             loopback
GENERAL.HWADDR:           00:00:00:00:00:00
GENERAL.MTU:              65536
GENERAL.STATE:            10 (unmanaged)
GENERAL.CONNECTION:       --
GENERAL.CON-PATH:         --
IP4.ADDRESS:              127.0.0.1/8
IP4.GATEWAY:
IP6.ADDRESS:              ::1/128
IP6.GATEWAY:
With SysV init, by default, getty processes are started on the first six virtual consoles. They can be accessed with the Ctrl+Alt+F1 to Ctrl+Alt+F6 key combination. systemd starts the getty processes only when needed. That means, only after you change to, for instance, the second virtual terminal by pressing Ctrl+Alt+F2 is the getty process started in that terminal.
The /usr/lib/systemd/system/getty@.service file is responsible for the virtual terminals (/dev/tty[X]). /usr/lib/systemd/system/serial-getty@.service is responsible for all other terminals, such as a serial terminal on /dev/ttyS0.
Systemd provides a template unit file for serial getty: /usr/lib/systemd/system/serial-getty@.service.
1. First copy the template:
# cp /usr/lib/systemd/system/serial-getty@.service [email protected]
2. Then edit the file and modify the agetty line:
[Service]
ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM   <-- Change this parameter
Type=idle
3. Create a symlink:
# ln -s [email protected] /etc/systemd/system/getty.target.wants/
4. Reload the daemon and start the service:
Question: How to sync chrony to the local clock?
When the chrony service starts, there are some settings in the /etc/chrony/chrony.conf file that tell it to actually set the time if specific conditions occur. The procedure below lets you set the local clock as the source for chrony to synchronize the time.
1. Currently chrony does not sync to the local clock, and the ‘chronyc sources’ command gives the following result:
# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? localhost
2. Edit /etc/chrony.conf to add the settings below. The configuration file needs at least 3 of the below entries to have a local clock synchronization.
# vi /etc/chrony.conf
server 127.127.1.0
allow 127.0.0.0/8
local stratum 10
3. Restart chronyd service
# systemctl restart chronyd.service
4. Verify the status of chrony synchronization
# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 127.127.1.0                  15   6   377    42  -4471ns[  -13us] +/-  204us
Choosing between Chrony and NTP
– In RHEL 7 ntpd is replaced by chronyd as the default network time protocol daemon.
– The basic configuration for synchronizing time and date is stored in the file /etc/chrony.conf.
– ntpd is still included in yum repository for customers who need to run an NTP service.
– Chrony is a different implementation of the network time protocol (NTP) than the network time protocol daemon (ntpd) that is able to synchronize the system clock faster and with better accuracy than ntpd.
Benefits of Chrony include:
1. Faster synchronization requiring only minutes instead of hours to minimize the time and frequency error, which is useful on desktops or systems not running 24 hours a day.
2. Better response to rapid changes in the clock frequency, which is useful for virtual machines that have unstable clocks or for power-saving technologies that don’t keep the clock frequency constant.
3. After the initial synchronization, it never steps the clock so as not to affect applications needing system time to be monotonic.
4. Better stability when dealing with temporary asymmetric delays, for example when the link is saturated by a large download.
5. Periodic polling of servers is not required, so systems with intermittent network connections can still quickly synchronize clocks.
When to use chrony
Chrony would be considered a best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network (mobile and virtual servers etc).
When to use NTP
The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on. Systems which are required to use broadcast or multicast IP, or to perform authentication of packets with the Autokey protocol, should consider using ntpd.
Why should a Linux boot loader have password protection?
The following are the primary reasons for password protecting a Linux boot loader:
1. Preventing Access to Single User Mode – If an attacker can boot into single user mode, he becomes the root user.
2. Preventing Access to the GRUB Console – If the machine uses GRUB as its boot loader, an attacker can use the GRUB editor interface to change its configuration or to gather information using the cat command.
3. Preventing Access to Non-Secure Operating Systems – If it is a dual-boot system, an attacker can select at boot time an operating system, such as DOS, which ignores access controls and file permissions.
Password protecting GRUB2
Follow the steps below to password protect GRUB2 in RHEL 7.
1. Remove --unrestricted from the main CLASS= declaration in the /etc/grub.d/10_linux file.
This can be done by using sed to replace the
# sed -i "/^CLASS=/s/ --unrestricted//" /etc/grub.d/10_linux
2. If a user hasn’t already been configured, use grub2-setpassword to set a password for the root user :
This creates a file /boot/grub2/user.cfg if not already present, which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user.
Example /boot/grub2/user.cfg file :
# cat /boot/grub2/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.CC6F56BFCFB90C49E6E16DC7234BF4DE4159982B6D121DC8EC6BF0918C7A50E8604CA40689A8B26EA01BF2A76D33F7E6C614E6289ABBAA6944ECB2B6DEB2F3CF.4B929016A827C36142CC126EB47E86F5F98E92C8C2C924AD0C98436E4699DF7536894F69BB904FDB5E609B9A5D67E28A7D79E8521C0B0AE6C031589FA0452A21
3. Recreate the grub config with grub2-mkconfig :
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-f9725b0c842348ce9e0bc81968cf7181
Found initrd image: /boot/initramfs-0-rescue-f9725b0c842348ce9e0bc81968cf7181.img
done
4. Reboot the server and verify.
# shutdown -r now
Note that all defined grub menu entries will now require entering user & password each time at boot; henceforth, the system will not boot any kernel without direct user intervention from the console. When prompted for user, enter “root”. When prompted for password, enter whatever was passed to the grub2-setpassword command :
Remove password protection
To remove the password protection, add --unrestricted back to the main CLASS= declaration in the /etc/grub.d/10_linux file. Another way is to remove the /boot/grub2/user.cfg file, which stores the hashed GRUB bootloader password.
Restricting only GRUB menu entry editing
If you only want to prevent users from entering the grub command line and editing menu entries (as opposed to completely locking menu entries), then all that is needed is to run the grub2-setpassword command.
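A check for the procedure above, added here as an example and not part of the original article: it reports which of the three states described in this section the two files are in. The function name, the state labels (none, edit-only, full) and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify GRUB2 password protection from the two files the
# steps above touch. Prints one of: none | edit-only | full
grub2_lock_state() {
    linux_script=$1   # e.g. /etc/grub.d/10_linux
    user_cfg=$2       # e.g. /boot/grub2/user.cfg
    # No well-formed GRUB2_PASSWORD line (or no file) means no password is in force.
    if ! grep -Eq '^GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.[0-9]+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+$' \
            "$user_cfg" 2>/dev/null; then
        echo none
        return 0
    fi
    # With --unrestricted on CLASS=, menu entries boot freely; only editing
    # entries and the GRUB command line ask for the password.
    if grep -Eq '^CLASS=.*--unrestricted' "$linux_script"; then
        echo edit-only
    else
        echo full
    fi
}

demo_grub2_lock_state() {
    d=$(mktemp -d)
    # Constructed sample files; the salt and hash fields are placeholders.
    echo 'CLASS="--class gnu-linux --class gnu --class os --unrestricted"' > "$d/10_linux"
    echo 'GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.0A1B2C3D.4E5F6A7B' > "$d/user.cfg"
    # Same sed expression as step 1, written to a copy instead of in place.
    sed '/^CLASS=/s/ --unrestricted//' "$d/10_linux" > "$d/10_linux.locked"

    echo "password set, --unrestricted kept   : $(grub2_lock_state "$d/10_linux" "$d/user.cfg")"
    echo "password set, --unrestricted removed: $(grub2_lock_state "$d/10_linux.locked" "$d/user.cfg")"
    echo "user.cfg removed                    : $(grub2_lock_state "$d/10_linux.locked" "$d/absent.cfg")"
    rm -rf "$d"
}

demo_grub2_lock_state
```

The result reflects the files on disk; a change to 10_linux only takes effect once grub.cfg has been regenerated with grub2-mkconfig as in step 3.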
Firewalld is the new way of interacting with the iptables rules in RHEL 7. It lets you set new security rules and activate them at runtime without disconnecting any existing connections.
# firewall-cmd --state           -- Display whether service is running
# systemctl status firewalld     -- Another command to display status of service
# systemctl restart firewalld    -- To restart service
# firewall-cmd --reload          -- To reload the permanent rules without interrupting existing persistent connections
To start/stop/status firewalld service
# systemctl start firewalld.service
# systemctl stop firewalld.service
# systemctl status firewalld.service
To enable/disable firewalld service at boot time
To enable firewalld service from starting at boot time.
# systemctl enable firewalld
To disable firewalld service from starting at boot time.
# systemctl disable firewalld
To list details of default and active zones
# firewall-cmd --get-default-zone
# firewall-cmd --get-active-zones
# firewall-cmd --list-all
To add/remove interfaces to zones
To add interface “eth1” to “public” zone.
# firewall-cmd --zone=public --change-interface=eth1
To list/add/remove services to zones
To list available services :
# firewall-cmd --get-services
To add the “samba” and “samba-client” services to a specific zone. You may include the --permanent flag to make this a permanent change.
# firewall-cmd --zone=public --add-service=samba --add-service=samba-client --permanent
To list services configured in a specific zone.
# firewall-cmd --zone=public --list-service
To list and add ports to the firewall
# firewall-cmd --list-ports
# firewall-cmd --zone=public --add-port=5000/tcp
You may restart the network service followed by the firewall service.
# systemctl restart network.service
# systemctl restart firewalld.service
Question: How to disable firewalld and enable iptables instead?
To switch from firewalld to iptables, follow the steps given below.
1. Firstly ensure the iptables-services package is installed.
# yum install -y -q iptables-services
2. Then prepare the iptables rules you wish to use by editing /etc/sysconfig/iptables and /etc/sysconfig/ip6tables.
3. Next, disable and stop the firewalld service
# systemctl disable firewalld
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
# systemctl stop firewalld
4. Then start iptables services :
# systemctl start iptables
# systemctl start ip6tables
5. Enable iptables service to automatically start at boot :
# systemctl enable iptables
ln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'
# systemctl enable ip6tables
ln -s '/usr/lib/systemd/system/ip6tables.service' '/etc/systemd/system/basic.target.wants/ip6tables.service'
NFS allows a Linux server to share directories with other UNIX clients over the network. The NFS server exports a directory and the NFS client mounts this directory. RHEL 7 supports two versions of NFS – NFSv3 and NFSv4.
NFS server and RPC processes
Starting the nfs-server process starts the NFS server and other RPC processes. The RPC processes include:
– rpc.statd : implements monitoring protocol (NSM) between NFS client and NFS server
– rpc.mountd : NFS mount daemon that implements the server side of the mount requests from NFSv3 clients.
– rpc.idmapd : Maps NFSv4 names and local UIDs and GIDs
– rpc.rquotad : provides user quota information for remote users.
Configuring NFS server
1. Install the required nfs packages if not already installed on the server :
# rpm -qa | grep nfs-utils
# yum install nfs-utils rpcbind
2. Enable the services at boot time:
# systemctl enable nfs-server
# systemctl enable rpcbind
# systemctl enable nfs-lock
In RHEL 7.1 (nfs-utils-1.3.0-8.el7) enabling nfs-lock does not work (No such file or directory). It does not need to be enabled since rpc-statd.service is static.
# systemctl enable nfs-idmap
In RHEL 7.1 (nfs-utils-1.3.0-8.el7) this does not work (No such file or directory). It does not need to be enabled since nfs-idmapd.service is static.
3. Start the NFS services:
# systemctl start rpcbind
# systemctl start nfs-server
# systemctl start nfs-lock
# systemctl start nfs-idmap
4. Check the status of NFS service:
# systemctl status nfs
5. Create a shared directory:
# mkdir /test
6. Export the directory. The format of the /etc/exports file is :
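dir client1(options) [client2(options)...]
Do not put a space between a client and its options: in "client1 (options)" the options are read as a separate entry that applies to every host, and client1 gets only the defaults.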
Client options include (defaults are listed first) :
ro / rw :
a) ro : allow clients read only access to the share.
b) rw : allow clients read write access to the share.
sync / async :
a) sync : NFS server replies to request only after changes made by previous request are written to disk.
b) async : specifies that the server does not have to wait.
wdelay / no_wdelay
a) wdelay : NFS server delays committing write requests when it suspects another write request is imminent.
b) no_wdelay : use this option to disable the delay. The no_wdelay option can only be enabled if the default sync option is enabled.
no_all_squash / all_squash :
a) no_all_squash : does not change the mapping of remote users.
b) all_squash : to squash all remote users including root.
root_squash / no_root_squash :
a) root_squash : prevent root users connected remotely from having root access. Effectively squashing remote root privileges.
b) no_root_squash : disable root squashing.
# vi /etc/exports
/test *(rw)
7. Exporting the share :
# exportfs -r
-r re-exports the entries in /etc/exports and syncs /var/lib/nfs/etab with /etc/exports. The /var/lib/nfs/etab file is the master export table. Other options that can be used with the exportfs command are :
-a : exports entries in /etc/exports but does not synchronize with /var/lib/nfs/etab
-i : ignores entries in /etc/exports and uses command line arguments.
-u : un-exports one or more directories
-o : specifies client options on the command line
8. Restart the NFS service:
# systemctl restart nfs-server
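An audit of the export entries from step 6, added here as an example and not part of the original article: it flags shares writable by any host (such as the /test *(rw) entry above), no_root_squash, and options separated from their client by a space. The function names and the sample entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports file (path as $1, or stdin).
audit_exports() {
    awk '
    # true when the comma-separated option list contains opt as a whole word
    function has(list, opt) { return index("," list ",", "," opt ",") > 0 }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            tok = $i
            if (tok ~ /^#/) break           # trailing comment
            p = index(tok, "(")
            host = (p > 0) ? substr(tok, 1, p - 1) : tok
            opts = (p > 0) ? substr(tok, p + 1) : ""
            sub(/\)$/, "", opts)
            # "client (opts)": the space turns (opts) into a separate entry with no host
            if (p == 1)
                print dir ": options (" opts ") follow a space, so they apply to every host"
            world = (host == "" || host == "*")
            if (world && has(opts, "rw"))
                print dir ": writable by any host"
            if (has(opts, "no_root_squash"))
                print dir ": no_root_squash for " (world ? "any host" : host)
        }
    }' "${1:--}"
}

# Constructed sample entries, not taken from a real server.
sample_exports() {
    cat <<'EOF'
# constructed sample
/test       *(rw)
/srv/data   192.168.1.0/24 (rw,sync)
/srv/home   192.168.1.10(rw,no_root_squash)
/srv/pub    192.168.1.0/24(ro)
EOF
}

sample_exports | audit_exports
```

On a server, run it as audit_exports /etc/exports before exportfs -r.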
Configuring NFS client
1. Install the required nfs packages if not already installed on the server :
# rpm -qa | grep nfs-utils
# yum install nfs-utils
2. Use the mount command to mount exported file systems. Syntax for the command:
mount -t nfs -o options host:/remote/export /local/directory
# mount -t nfs -o ro,nosuid remote_host:/home /remote_home
This example does the following:
– It mounts /home from remote host (remote_host) on local mount point /remote_home.
– File system is mounted read-only and users are prevented from running a setuid program (-o ro,nosuid options).
3. Update /etc/fstab to mount NFS shares at boot time.
# vi /etc/fstab
remote_host:/home /remote_home nfs ro,nosuid 0 0
Firewalld services to be active on NFS server
For the NFS server to work, enable the nfs, mountd, and rpc-bind services in the relevant zone in the firewall-config application or using firewall-cmd :
# firewall-cmd --add-service=nfs --zone=internal --permanent
# firewall-cmd --add-service=mountd --zone=internal --permanent
# firewall-cmd --add-service=rpc-bind --zone=internal --permanent
– A packet filtering firewall reads incoming network packets and filters (allows or denies) each data packet based on the header information in the packet. The Linux kernel has built-in packet filtering functionality called Netfilter.
– Two services are available in RHEL 7 to create, maintain, and display the rules stored by Netfilter:
– In RHEL 7, the default firewall service is firewalld.
– firewalld is a dynamic firewall manager which supports firewall (network) zones.
– The firewalld service has support for IPv4, IPv6, and for Ethernet bridges.
– The firewalld service also provides a D-BUS interface. Services or applications already using D-BUS can add or request changes to firewall rules directly through the D-BUS interface.
Advantages over iptables
firewalld has the following advantages over iptables :
1. Unlike the iptables command, the firewall-cmd command does not restart the firewall and disrupt established TCP connections.
2. firewalld supports dynamic zones.
3. firewalld supports D-Bus for better integration with services that depend on firewall configuration.
The firewalld service has two types of configuration options:
1. Runtime: Changes to firewall settings take effect immediately but are not permanent. Changes made in runtime configuration mode are lost when the firewalld service is restarted.
2. Permanent: Changes to firewall settings are written to configuration files. These changes are applied when the firewalld service restarts.
Configuration files for firewalld exist in two directories:
/usr/lib/firewalld: Contains default configuration files. Do not make changes to these files. An upgrade of the firewalld package overwrites this directory.
/etc/firewalld: Changes to the default configuration files are stored in this directory. Files in this directory overload the default configuration files.
The firewalld service allows you to separate networks into different zones based on the level of trust you want to place on the devices and traffic within a specific network. For each zone you can define the following features:
Services: Predefined or custom services to trust. Trusted services are a combination of ports and protocols that are accessible from other systems and networks.
Ports: Additional ports or port ranges and associated protocols that are accessible from other systems and networks.
Masquerading: Translate IPv4 addresses to a single external address. With masquerading enabled, addresses of a private network are mapped to and hidden behind a public address.
Port Forwarding: Forward inbound network traffic from a specific port or port range to an alternative port on the local system, or to a port on another IPv4 address.
ICMP Filter: Block selected Internet Control Message Protocol messages.
Rich Rules: Extend existing firewalld rules to include additional source and destination addresses and logging and auditing actions.
Interfaces: Network interfaces bound to the zone. The zone for an interface is specified with the ZONE=option in the /etc/sysconfig/network-scripts/ifcfg file. If the option is missing, the interface is bound to the default zone.
Predefined firewalld Zones
The firewalld software package includes a set of predefined network zones in the following directory:
# ls -lrt /usr/lib/firewalld/zones/
total 36
-rw-r----- 1 root root 342 Sep 15 2015 work.xml
-rw-r----- 1 root root 162 Sep 15 2015 trusted.xml
-rw-r----- 1 root root 315 Sep 15 2015 public.xml
-rw-r----- 1 root root 415 Sep 15 2015 internal.xml
-rw-r----- 1 root root 400 Sep 15 2015 home.xml
-rw-r----- 1 root root 304 Sep 15 2015 external.xml
-rw-r----- 1 root root 291 Sep 15 2015 drop.xml
-rw-r----- 1 root root 293 Sep 15 2015 dmz.xml
-rw-r----- 1 root root 299 Sep 15 2015 block.xml
The zone files contain preset settings, which can be applied to a network interface. For example:
# grep -i service /usr/lib/firewalld/zones/public.xml
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
In this example, network interfaces bound to the public zone trust only two services, ssh and dhcpv6-client.
A brief explanation of each zone follows:
drop: Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.
block: Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated from within the system are possible.
home: For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
public: For use in public areas. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
work: For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
dmz: For computers in your demilitarized zone that are publicly accessible with limited access to your internal network. Only selected incoming connections are accepted.
external: For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.
internal: For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.
trusted: All network connections are accepted.
Setting the Default firewalld Zone
After an initial installation, the public zone is the default zone as specified in the configuration file, /etc/firewalld/firewalld.conf.
# grep -i defaultzone /etc/firewalld/firewalld.conf
DefaultZone=public
Network interfaces are bound to the default zone unless specified with ZONE=[zone] in the ifcfg file. The following command shows the interfaces that are bound to the public zone:
# firewall-cmd --get-active-zones
public
  interfaces: eth0 eth1
You can use the firewall-cmd command to change the default zone:
# firewall-cmd --set-default-zone=work
success
You can also use the firewall-config GUI to change the default zone. From the menu bar, select Options->Change Default Zone, and then select a zone from a pop-up list.
– A firewalld service is a combination of local ports and protocols and destination addresses.
– A firewalld service can also include Netfilter kernel modules that are automatically loaded when a service is enabled.
– The firewalld software package includes a set of predefined services in the following directory:
# ls -lrt /usr/lib/firewalld/zones/
total 36
-rw-r----- 1 root root 342 Sep 15 2015 work.xml
-rw-r----- 1 root root 162 Sep 15 2015 trusted.xml
-rw-r----- 1 root root 315 Sep 15 2015 public.xml
-rw-r----- 1 root root 415 Sep 15 2015 internal.xml
-rw-r----- 1 root root 400 Sep 15 2015 home.xml
-rw-r----- 1 root root 304 Sep 15 2015 external.xml
-rw-r----- 1 root root 291 Sep 15 2015 drop.xml
-rw-r----- 1 root root 293 Sep 15 2015 dmz.xml
-rw-r----- 1 root root 299 Sep 15 2015 block.xml
– Services can be enabled for a zone in Runtime mode.
– Service definitions can only be edited in Permanent mode.
To start firewalld:
# systemctl start firewalld
To ensure firewalld starts at boot time:
# systemctl enable firewalld
To check if firewalld is running:
# systemctl status firewalld
# firewall-cmd --state
Three methods to configure the firewalld service:
– firewall-cmd : Command-line interface
– firewall-config : Graphical user interface
– Edit various XML configuration files.
The firewall-cmd Utility
The command-line tool firewall-cmd is part of the firewalld application, which is installed by default. To get help on the firewall-cmd command:
# firewall-cmd --help
The firewall-cmd command offers categories of options such as General, Status, Permanent, Zone, IcmpType, Service, Adapt and Query Zones, Direct, Lockdown, Lockdown Whitelist, and Panic. To list information for all zones:
# firewall-cmd --list-all-zones
public (default, active)
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ssh
  ports:
...
To permit access by HTTP clients for the public zone:
# firewall-cmd --zone=public --add-service=http
success
To list services that are allowed for the public zone:
# firewall-cmd --zone=work --list-services
dhcpv6-client http ssh
Using this command only changes the Runtime configuration and does not update the configuration files.
The configuration changes made in Runtime configuration mode are lost when the firewalld service is restarted:
# systemctl restart firewalld
# firewall-cmd --zone=work --list-services
dhcpv6-client ssh
To make changes permanent, use the --permanent option. Example:
# firewall-cmd --permanent --zone=public --add-service=http
success
Changes made in Permanent configuration mode are not implemented immediately. However, changes made in Permanent configuration are written to configuration files. Restarting the firewalld service reads the configuration files and implements the changes. Example:
# systemctl restart firewalld
# firewall-cmd --zone=work --list-services
dhcpv6-client http ssh
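A drift check for the Runtime and Permanent configurations described above, added here as an example and not part of the original article: it lists entries that exist in only one of the two, that is, rules that will vanish at the next restart and rules that will only appear then. The function names are assumptions made for the illustration, and the input lists are constructed from the outputs shown on this page.

```shell
#!/bin/sh
# Added example: report entries present in only one of firewalld's two configurations.
# fw_drift RUNTIME_LIST PERMANENT_LIST -> lines "runtime-only X" / "permanent-only X"
fw_drift() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 { for (i = 1; i <= NF; i++) rt[$i] = 1 }   # runtime entries
        NR == 2 { for (i = 1; i <= NF; i++) pm[$i] = 1 }   # permanent entries
        END {
            for (s in rt) if (!(s in pm)) print "runtime-only " s    # lost on restart
            for (s in pm) if (!(s in rt)) print "permanent-only " s  # active only after restart
        }' | LC_ALL=C sort
}

# Live use on a host running firewalld: compare services and ports of one zone.
fw_drift_zone() {
    for what in services ports; do
        fw_drift "$(firewall-cmd --zone="$1" --list-$what)" \
                 "$(firewall-cmd --permanent --zone="$1" --list-$what)" |
            sed "s/^/$1 $what: /"
    done
}

# Constructed inputs: http added without --permanent, then samba and
# samba-client added with --permanent but no restart yet.
fw_drift "dhcpv6-client http ssh" "dhcpv6-client ssh"
fw_drift "dhcpv6-client ssh" "dhcpv6-client samba samba-client ssh"
```

An empty result from fw_drift_zone for a zone means what is enforced now is also what will be enforced after the next restart.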
When you convert a linear volume to a mirrored volume, you are basically creating an extra mirror copy for an existing volume. This means that your volume group must contain the devices and space for the mirrors and for the mirror log. If a copy of the mirror is lost, LVM converts the volume to a linear volume so that you still have access to the volume. The option ‘[ -m | --mirrors ]’ specifies the degree of the mirror you wish to create.
- “-m 1” converts the original logical volume to a mirror volume with 2 sides; that is, a linear volume plus one copy.
- “-m 0” converts the mirrored logical volume to a linear logical volume, removing or breaking the mirror leg including the mirrored devices.
Creating LVM mirrors
The following command converts the linear logical volume ‘datavg/testlv’ to a mirrored logical volume :
# lvconvert -m1 datavg/testlv
The commands below show the configuration of the volume after the lvconvert command changed the volume to a volume with two mirror copies.
# lvs -a -o name,copy_percent,devices datavg
  LV                Cpy%Sync Devices
  testlv            100.00   testlv_rimage_0(0),testlv_rimage_1(0)
  [testlv_rimage_0]          /dev/sdb(0)
  [testlv_rimage_1]          /dev/sdc(1)
  [testlv_rmeta_0]           /dev/sdb(256)
  [testlv_rmeta_1]           /dev/sdc(0)
# lvs --all --segments -o +devices
  LV                VG     Attr       #Str Type   SSize  Devices
  root              centos -wi-ao----    1 linear 17.47g /dev/sda2(512)
  swap              centos -wi-ao----    1 linear  2.00g /dev/sda2(0)
  testlv            datavg rwi-aor---    2 raid1   1.00g testlv_rimage_0(0),testlv_rimage_1(0)
  [testlv_rimage_0] datavg iwi-aor---    1 linear  1.00g /dev/sdb(0)
  [testlv_rimage_1] datavg iwi-aor---    1 linear  1.00g /dev/sdc(1)
  [testlv_rmeta_0]  datavg ewi-aor---    1 linear  4.00m /dev/sdb(256)
  [testlv_rmeta_1]  datavg ewi-aor---    1 linear  4.00m /dev/sdc(0)
Removing LVM mirrors
The following command converts the mirrored logical volume datavg/testlv to a linear logical volume, removing or breaking the mirror copy including the mirrored devices. Note that we have to specify the device to detach the mirror copy.
# lvconvert -m0 datavg/testlv /dev/sdc
Check the status of volume and devices again to see the difference :
# lvs -a -o +devices
  LV     VG     Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
  root   centos -wi-ao---- 17.47g                                                     /dev/sda2(512)
  swap   centos -wi-ao----  2.00g                                                     /dev/sda2(0)
  testlv datavg -wi-ao----  1.00g                                                     /dev/sdb(0)
# lvs -a -o name,devices datavg
  LV     Devices
  testlv /dev/sdb(0)