new file mode 100755

Binary files /dev/null and b/docs/images/ova-firefox.png differ

new file mode 100755

Binary files /dev/null and b/docs/images/ova-import.png differ

new file mode 100755

Binary files /dev/null and b/docs/images/photon-installer-sm.png differ

new file mode 100755

Binary files /dev/null and b/docs/images/ws-new-vm.png differ

new file mode 100755

@@ -0,0 +1,1540 @@

+# Photon Administration Guide

+

+-   [Introduction](#introduction)

+    -   [Examining the Packages in the SPECS Directory on

+        Github](#examining-the-packages-in-the-specs-directory-on-github)

+    -   [Looking at the Differences Between the Minimal and the Full

+        Version](#looking-at-the-differences-between-the-minimal-and-the-full-version)

+    -   [The Root Account and the sudo and su

+        Commands](#the-root-account-and-the-sudo-and-su-commands)

+-   [Quick Start](#quick-start)

+    -   [Obtaining the ISO from Bintray and Creating a Photon OS VM in

+        VMware

+        Workstation](#obtaining-the-iso-from-bintray-and-creating-a-photon-os-vm-in-vmware-workstation)

+    -   [Installing the OVA for the Minimal Version in

+        vSphere](#installing-the-ova-for-the-minimal-version-in-vsphere)

+    -   [Rapidly Deploying the Photon OS OVA in VMware Workstation 12

+        Pro](#rapidly-deploying-the-photon-os-ova-in-vmware-workstation-12-pro)

+    -   [Root Password Rules](#root-password-rules)

+    -   [Permitting Root Login with

+        SSH](#permitting-root-login-with-ssh)

+    -   [Deploying Photon OS on a Mac with

+        AppCatalyst](#deploying-photon-os-on-a-mac-with-appcatalyst)

+    -   [PXE Boot](#pxe-boot)

+    -   [Kickstart](#kickstart)

+    -   [Checking the Version and Build

+        Number](#checking-the-version-and-build-number)

+-   [Tiny DNF for Package Management](#tiny-dnf-for-package-management)

+    -   [Configuration Files and

+        Repositories](#configuration-files-and-repositories)

+    -   [Options for Commands](#options-for-commands)

+    -   [Commands](#commands)

+    -   [Adding a New Repository](#adding-a-new-repository)

+-   [Managing Services with systemd](#managing-services-with-systemd)

+    -   [Viewing Services](#viewing-services)

+    -   [Controlling Services](#controlling-services)

+    -   [Creating a Startup Service](#creating-a-startup-service)

+    -   [Disabling the Photon OS

+        httpd.service](#disabling-the-photon-os-httpd.service)

+    -   [Auditing System Events with

+        auditd](#auditing-system-events-with-auditd)

+    -   [Analyzing systemd Logs with

+        journalctl](#analyzing-systemd-logs-with-journalctl)

+    -   [Migrating Scripts to systemd](#migrating-scripts-to-systemd)

+-   [Managing the Network

+    Configuration](#managing-the-network-configuration)

+    -   [Use `ip` and `ss` Commands Instead of `ifconfig` and

+        `netstat`](#use-ip-and-ss-commands-instead-of-ifconfig-and-netstat)

+    -   [Configuring Network

+        Interfaces](#configuring-network-interfaces)

+    -   [Setting a Static IP Address](#setting-a-static-ip-address)

+    -   [Turning Off DHCP](#turning-off-dhcp)

+    -   [Adding a DNS Server](#adding-a-dns-server)

+    -   [Setting Up Networking for Multiple

+        NICs](#setting-up-networking-for-multiple-nics)

+    -   [Combining DHCP and Static IP Addresses with IPv4 and

+        IPv6](#combining-dhcp-and-static-ip-addresses-with-ipv4-and-ipv6)

+    -   [Inspecting the Status of Network Links with

+        `networkctl`](#inspecting-the-status-of-network-links-with-networkctl)

+    -   [Turning on Network Debugging](#turning-on-network-debugging)

+    -   [Mounting a Network File

+        System](#mounting-a-network-file-system)

+    -   [Installing the Packages for tcpdump and netcat with

+        tdnf](#installing-the-packages-for-tcpdump-and-netcat-with-tdnf)

+-   [Cloud-Init on Photon OS](#cloud-init-on-photon-os)

+    -   [Creating a Stand-Alone Photon Machine with

+        cloud-init](#creating-a-stand-alone-photon-machine-with-cloud-init)

+    -   [Customizing a Photon OS Machine on

+        EC2](#customizing-a-photon-os-machine-on-ec2)

+    -   [Running a Photon OS Machine on

+        GCE](#running-a-photon-os-machine-on-gce)

+-   [Docker Containers](#docker-containers)

+-   [Kubernetes](#kubernetes)

+-   [RPM-OSTree](#rpm-ostree)

+-   [Disabling TLS 1.0 to Improve Transport Layer

+    Security](#disabling-tls-1.0-to-improve-transport-layer-security)

+-   [Building a Package from a Source

+    RPM](#building-a-package-from-a-source-rpm)

+-   [References](#references)

+

+

+## Introduction

+

+This guide covers managing packages, controlling services with systemd, setting up networking, initializing Photon OS with cloud-init, running Docker containers, and working with other technologies, such as Kubernetes. 

+

+Photon OS is a Linux container host optimized for vSphere and cloud-computing platforms such as Amazon Elastic Compute and Google Compute Engine. Photon OS is lightweight and extensible. It supports the most common container formats, including Docker, Rocket, and Garden. Photon OS includes a yum-compatible, package-based lifecycle management system called tdnf and optionally works with RPM-OSTree for image-based system versioning. 

+

+When used with development tools and environments such as VMware Fusion, VMware Workstation, HashiCorp (Vagrant and Atlas), and production runtime environments (vSphere, vCloud Air), Photon OS lets you seamlessly migrate container-based applications from development to production. With a small footprint and fast boot and run times, Photon OS is optimized for cloud computing and cloud  applications.  

+

+There are two versions of Photon OS: a minimal version and a full version. 

+

+The minimal version of Photon OS is lightweight container host runtime environment best suited to managing and hosting containers. The minimal version contains just enough packaging and functionality to manage and modify containers while remaining a fast runtime environment. The minimal version is ready to work with appliances. 

+

+The full version of Photon OS includes additional packages to help you customize the system and create containerized applications. For  running containers, the full version is excessive. The full version is targeted at helping you create, develop, test, and package an application that runs a container. 

+

+Two characteristics of Photon OS stand out: It manages services with systemd and it manages packages with an open source, yum-compatible package manager called tdnf, for Tiny DNF. 

+

+By using systemd, Photon OS adopts a contemporary Linux standard to manage system services. Photon OS bootstraps the user space and concurrently starts services with systemd. The systemctl utility controls services on Photon OS. For example, instead of running the /etc/init.d/ssh script to stop and start the OpenSSH server on a init.d-based Linux system, you run the following systemctl commands on Photon OS: 

+

+	systemctl stop sshd

+	systemctl start sshd

+

+Tdnf keeps the operating system as small as possible while preserving yum's robust package-management capabilities. On Photon OS, tdnf is the default package manager for installing new packages. It is a C implementation of DNF package manager. 

+

+### Examining the Packages in the SPECS Directory on Github

+

+The SPECS directory of the GitHub website for Photon OS contains all the packages that can appear in Photon OS repositories:  

+

+https://github.com/vmware/photon/tree/master/SPECS

+

+To see the version of a package, in the SPECS directory, click the name of the subdirectory of the package that you want to examine, and then click the `.spec` filename in the subdirectory. For example, the version of OpenJDK, which contains the openjre package that installs the Java class library and the javac Java compiler, looks like this: 

+

+<pre>

+%define _use_internal_dependency_generator 0

+Summary:	OpenJDK 

+Name:		openjdk

+Version:	1.8.0.72

+Release:	1%{?dist}

+License:	GNU GPL

+URL:		https://openjdk.java.net

+Group:		Development/Tools

+Vendor:		VMware, Inc.

+Distribution:   Photon

+AutoReqProv: 	no

+Source0:	http://anduin.linuxfromscratch.org/files/BLFS/OpenJDK-%{version}/OpenJDK-%{version}-x86_64-bin.tar.xz

+%define sha1 OpenJDK=0c705d7b13f4e22611d2da654209f469a6297f26

+%description

+The OpenJDK package installs java class library and javac java compiler. 

+

+%package	-n openjre

+Summary:	Jave runtime environment

+AutoReqProv: 	no

+%description	-n openjre

+It contains the libraries files for Java runtime environment

+#%global __requires_exclude ^libgif.*$

+#%filter_from_requires ^libgif.*$...

+...

+</pre>

+

+### Looking at the Differences Between the Minimal and the Full Version

+

+The minimal version of Photon OS contains about 50 packages. The full version of Photon OS adds several hundred packages to those in the minimal version to create a more fully featured operating system. 

+

+You can view a list of the packages that appear in the minimal version by examining the following file: 

+

+[https://github.com/vmware/photon/blob/master/common/data/packages_minimal.json](https://github.com/vmware/photon/blob/master/common/data/packages_minimal.json)

+

+You can view a list of the packages that appear in the minimal version by examining the following file: 

+

+[https://github.com/vmware/photon/blob/master/common/data/packages_full.json](https://github.com/vmware/photon/blob/master/common/data/packages_full.json)

+

+If the minimal or the full version of Photon OS does not contain a package that you want, you can of course install it with tdnf, which appears in both the minimal and full versions of Photon OS by default. In the full version of Photon OS, you can also install packages by using yum. 

+

+One notable difference between the two versions of Photon OS pertains to OpenJDK, the package that contains not only the Java runtime environment (openjre) but also the Java compiler (javac). The OpenJDK package appears in the full but not the minimal version of Photon OS. To add support for Java programs to the minimal version of Photon OS, install the Java packages and their dependencies: 

+

+	tdnf install openjdk

+	Installing:

+	openjre 	x86_64    1.8.0.92-1.ph1    95.09 M

+	openjdk 	x86_64    1.8.0.92-1.ph1    37.63 M

+

+A later section covers tdnf. 

+

+### The Root Account and the sudo and su Commands

+

+This guide assumes that you are logged in to Photon OS with the root account and running commands as root. The sudo program comes with the full version of Photon OS. On the minimal version, you must install sudo with tdnf if you want to use it. As an alternative to installing sudo on the minimal version, you can switch users as needed with the `su` command to run commands that require root privileges. 

+

+## Quick Start

+

+This section helps you get Photon OS up and running quickly and easily. There are several ways to deploy Photon OS for free within a matter of minutes:

+

+* Obtain the ISO from Bintray and use it to create a virtual machine running Photon OS.

+* Install the OVA for the minimal version of Photon OS in VMware vSphere.

+* Rapidly deploy the OVA for the minimal version of Photon OS in VMware Workstation 12 Pro. 

+* Install VMware AppCatalyst for free on a Mac and launch a virtual machine running Photon OS, which is included with AppCatalyst.

+

+### Obtaining the ISO from Bintray and Creating a Photon OS VM in VMware Workstation

+

+The full version of Photon OS installs from an ISO in VMware Workstation and other hypervisors in a matter of minutes. Photon OS is a free download from the Bintray web site.

+

+This section demonstrates how to create a virtual machine running Photon OS in VMware Workstation 12 Pro. If you are using a different hypervisor, the example set by this section should help you install it in your system. If you work on a Mac, see the section on deploying Photon OS on a Mac with VMware AppCatalyst below. For instructions on how to install Photon OS from an ISO in VMware vSphere, see [Installing Photon OS on VMware vSphere from an ISO Image](https://github.com/vmware/photon/wiki/Running-Project-Photon-on-vSphere).

+

+1. Go to the following Bintray URL and download the ISO for the general availability release of Photon OS:

+

+	https://bintray.com/vmware/photon/iso/view

+

+1. In VMware Workstation, type Ctrl+N to create a new virtual machine. 

+

+1. In the New Virtual Machine Wizard, select `Typical`, and then click `Next`.

+

+1. Select `Installer disk image file (iso)`, click `Browse` to locate the Photon OS ISO that you downloaded from Bintray, and then click `Next`.

+

+1. For the guest operating system, select `Linux`. From the `Version` drop-down menu, select `VMware Photon 64-bit`. If you have an older version of VMware Workstation and Photon does not appear in the list, select `Other Linux 3.x kernel 64-bit`.

+![Alt text](images/ws-new-vm.png)

+

+1. Click `Next` through the remaining dialog boxes of the wizard,  either accepting the default settings, which is recommended, or making the changes that you want, and then click `Finish`.

+

+1. Power on the virtual machine and, in the Workstation window containing Photon, press Enter to start the installation.

+![installer](images/photon-installer-sm.png)

+

+1. During disk setup, the installer might ask you to confirm that this will erase the disk. If so, accept the default value of `yes` by hitting your Enter key.

+

+1. Select the installation that you want. For this example, choose `Photon Full` by using the tab key to move to Photon Full and then hitting the space bar to select it. Press Enter to install it. 

+

+1. Either accept the default hostname that Photon provides or type the name that you want. Press Enter to continue. 

+

+1. Type the root password. Photon OS requires the root password to be a complex string containing no common words or names.

+

+The installation typically completes in about 150 seconds for the full version and in less than 30 seconds for the minimal version. After the installation finishes, boot the system and log in as root with your root password. 

+

+To connect to Photon OS by SSH, see the section on permitting root login with SSH below.  

+

+You can also build an ISO containing Photon OS from its source code on GitHub by following the instructions in the document on [building Photon OS](https://github.com/vmware/photon/blob/master/docs/build-photon.md). 

+

+### Installing the OVA for the Minimal Version in vSphere

+

+You can download the OVA for the minimal version of Photon OS from Bintray and deploy it in vSphere in a matter of seconds. 

+

+Download the OVA for the minimal version of Photon OS from the following URL: 

+

+	https://bintray.com/vmware/photon/ova

+

+To install the OVA in vSphere, on the File menu, click Deploy OVF Template, and then click Browse to locate the image that you downloaded. Move through the Deploy OVF Template dialog boxes by clicking Next to accept the default settings, and then click Finish. 

+

+In vSphere Client, turn on the power of the Photon OS virtual machine and open a console to it.

+

+The default password for the root account is `changeme`, and you must change it when you first login. For security, Photon OS forbids common dictionary words for the root password. 

+

+There are other options for installing Photon OS in vSphere, such as building an ISO from the source code. For more information about the versions of Photon and their installation options, see [Running Photon OS on vSphere](https://github.com/vmware/photon/wiki/Running-Project-Photon-on-vSphere).

+

+### Rapidly Deploying the Photon OS OVA in VMware Workstation 12 Pro

+

+Here's how to rapidly deploy the OVA for Photon in VMware Workstation 12 Pro by using an up-to-date version of Firefox. The procedure in other browsers or another version of Workstation might be different. 

+

+In Firefox, download the OVA for the minimal version of Photon OS from this URL: 

+

+	https://bintray.com/vmware/photon/ova

+

+In the download dialog box, select `Open with VMware Workstation (default)`, like this:

+

+![Alt text](images/ova-firefox.png)

+

+In the Workstation Import dialog box, click Import.

+

+![Alt text](images/ova-import.png)

+

+Workstation creates a virtual machine from the Photon OS OVA template in a few seconds. In Workstation, power on the virtual machine and log in as root with the initial password of `changeme`.

+

+Photon OS then prompts you to change the root password.  

+	

+###	Root Password Rules

+

+When you first log on a new Photon OS machine, you must set the root password to a complex string containing no common words or names. Photon OS rejects a root password that contains simplistic patterns, common words, or words derived from the name of your account. The rules apply only to the root password, not other user and group accounts. 

+

+###	Permitting Root Login with SSH

+

+The full version of Photon OS prevents root login with SSH by default. To permit root login over SSH, open `/etc/ssh/sshd_config` with the vim text editor and set `PermitRootLogin` to `yes`. 

+

+Vim is the default text editor available in both the full and minimal versions of Photon OS. (Nano is also in the full version.) After you modify the SSH daemon's configuration file, you must restart the sshd daemon for the changes to take effect. Example: 

+

+	vim /etc/ssh/sshd_config

+

+	# override default of no subsystems

+	Subsystem       sftp    /usr/libexec/sftp-server

+

+	# Example of overriding settings on a per-user basis

+	#Match User anoncvs

+	#       X11Forwarding no

+	#       AllowTcpForwarding no

+	#       PermitTTY no

+	#       ForceCommand cvs server

+	PermitRootLogin yes

+	UsePAM yes

+

+Save your changes in vim and then restart the sshd daemon: 

+

+	systemctl restart sshd

+

+You can then connect to the Photon OS machine with the root account over SSH:

+

+	steve@ubuntu:~$ ssh root@192.168.137.131

+

+### Deploying Photon OS on a Mac with AppCatalyst

+

+VMware AppCatalyst brings the data center to your Mac desktop. AppCatalyst furnishes a Mac computer with a free hypervisor for creating virtual machines that run Photon OS, which is bundled with AppCatalyst. 

+

+Driven by an API and a command-line interface, AppCatalyst empowers you to replicate a cluster of virtual machines on a Mac to build containerized applications with microservices on Photon OS. AppCatalyst also integrates with Vagrant. AppCatalyst is a technology preview. 

+

+AppCatalyst is optimized for cloud-native application workloads. A common use case of developers is to run a desktop hypervisor so they can install a Linux machine, and for many developers, this setup takes place on a Mac. For these developers, a common use case for the desktop hypervisor is running Docker to accelerate the development and testing of their code. 

+

+By bundling Photon OS with AppCatalyst, VMware streamlines the workflow of getting a Docker engine running on a Linux machine inside a hypervisor on a Mac. 

+

+Here's how to install AppCatalyst, create a VM running Photon OS, and run a Docker container---all in a matter of minutes. The technology preview version of AppCatalyst requires Mac OS X 10.9 or later.

+

+First, turn off Fusion if you are running it on your Mac. 

+

+Second, download AppCatalyst from the following URL and then install the `.dmg` file by following the instructions in the installation wizard: 

+

+	https://www.vmware.com/cloudnative/appcatalyst-download

+

+After the wizard finishes installing AppCatalyst, you're ready to run the application. AppCatalyst does not appear in the Applications directory. Instead, in Terminal, run the following command: 

+

+	/opt/vmware/appcatalyst/bin/appcatalyst

+

+The following command creates a VM named `photonos1` by taking advantage of the template for Photon OS that is built into AppCatalyst: 

+

+	/opt/vmware/appcatalyst/bin/appcatalyst vm create photonos1

+

+By default, the VMs that you create reside in the `AppCatalyst` subdirectory of the user's `/Documents` directory.

+

+Next, make sure that there are no machines running in VMware Fusion and that it is shut down, and then turn on the VM by running this command.  

+

+	/opt/vmware/appcatalyst/bin/appcatalyst vmpower on photonos1

+

+Obtain the IP address of the VM so you can establish an SSH connection to it: 

+

+	/opt/vmware/appcatalyst/bin/appcatalyst guest getip photonos1

+

+You can then connect to the VM with the SSH keys included with AppCatalyst by running the following command and replacing the example IP address with the IP address of your VM: 

+

+	ssh -i /opt/vmware/appcatalyst/etc/appcatalyst_insecure_ssh_key photon@192.168.137.131

+

+Photon OS includes Docker. From your SSH terminal connection to the Photon OS virtual machine, you can launch a Docker container that, for example, downloads Ubuntu from the Docker repository and runs it in the Photon OS VM in AppCatalyst on your Mac: 

+

+	systemctl start docker

+	docker run -i -t ubuntu:14.04 /bin/bash

+

+When you are done, exit the Ubuntu machine to stop the Docker container to conserve system resources.  

+

+Photon OS also gives you the option of running a Docker container that, in turn, runs an instance of Photon OS:

+

+	docker run -i -t photon /bin/bash

+

+If you need to troubleshoot, the log files for AppCatalyst reside here:  

+

+	/Users/<your_username>/Library/Logs/VMware

+

+Virtual machines in AppCatalyst can be managed through its API. For more information, see the [AppCatalyst documentation](http://getappcatalyst.com/docs/Tech_Preview_August/) and the [AppCatalyst community site](https://communities.vmware.com/community/vmtn/devops/vmware-appcatalyst).

+

+### PXE Boot

+

+Photon OS works with the Preboot Execution Environment, or PXE, to boot by retrieving software from a PXE server over a network connection. For instructions on how to set Photon OS to boot from a PXE server, see [Network PXE Boot](https://github.com/vmware/photon/blob/master/docs/PXE-boot.md).

+

+### Kickstart

+

+Photon OS supports kickstart for unattended installations through a CD-ROM or an HTTP server. On Photon OS, kickstart can set the hostname, password, run post-installation scripts, and add public keys for SSH. See [Kickstart Support](https://github.com/vmware/photon/blob/master/docs/kickstart.md).

+

+### Checking the Version and Build Number

+

+To check the version and build number of Photon OS, concatenate `/etc/photon-release`. Example: 

+

+	cat /etc/photon-release

+	VMware Photon Linux 1.0

+	PHOTON_BUILD_NUMBER=a6f0f63

+

+The build number in the results maps to the commit number on the VMware Photon OS GitHub [commits page](https://github.com/vmware/photon/commits/master).

+

+## Tiny DNF for Package Management

+

+On Photon OS, Tiny DNF is the default package manager for installing new packages. Tdnf is a C implementation of DNF package manager. The standard syntax for tdnf commands is the same as that for DNF: 

+

+	tdnf [options] <command> [<arguments>...]

+

+You can view its help information like this: 

+

+	tdnf --help

+	tdnf -h

+

+In the minimal version of Photon OS, tdnf serves as the sole package manager to streamline the operating system. The full version of Photon OS includes yum, a common utility that checks for, downloads, and automatically installs RPM packages. On the minimal version of Photon OS, you can install yum by using tdnf if you are unconcerned with the size of the operating system: 

+

+	tdnf install yum

+

+### Configuration Files and Repositories

+

+The main configuration files reside in /etc/tdnf/tdnf.conf. The configuration file looks like this: 

+

+	cat /etc/tdnf/tdnf.conf

+	[main]

+	gpgcheck=1

+	installonly_limit=3

+	clean_requirements_on_remove=true

+	repodir=/etc/yum.repos.d

+	cachedir=/var/cache/tdnf

+

+The cache files for data and metadata reside in /var/cache/tdnf. 

+

+The repositories appear in /etc/yum.repos.d/ with `.repo` file extensions:

+

+	ls /etc/yum.repos.d/

+	lightwave.repo

+	photon-extras.repo

+	photon-iso.repo

+	photon-updates.repo

+	photon.repo 

+

+You can list the the repositories by using the tdnf repolist command. Tdnf filters the results with `enabled`, `disabled`, and `all`. Running the command without specifying an argument returns the enabled repositories:  

+

+	tdnf repolist

+	repo id             repo name                               status

+	lightwave           VMware Lightwave 1.0(x86_64)            enabled

+	photon-updates      VMware Photon Linux 1.0(x86_64)Updates  enabled

+	photon-extras       VMware Photon Extras 1.0(x86_64)        enabled

+	photon              VMware Photon Linux 1.0(x86_64)         enabled

+

+The photon-iso.repo, however, does not appear in the list of repositories because it is unavailable on the virtual machine from which these examples are taken. Photon-iso.repo is the default repository; it points to /media/cdrom. The contents of photon-iso.repo look like this: 

+

+	cat /etc/yum.repos.d/photon-iso.repo

+	[photon-iso]

+	name=VMWare Photon Linux 1.0(x86_64)

+	baseurl=file:///mnt/cdrom/RPMS

+	gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY

+	gpgcheck=1

+	enabled=0

+	skip_if_unavailable=True

+

+The local cache is populated with data from the repository: 

+

+	ls -l /var/cache/tdnf/photon

+	total 8

+	drwxr-xr-x 2 root root 4096 May 18 22:52 repodata

+	d-wxr----t 3 root root 4096 May  3 22:51 rpms

+

+You can clear the cache to help troubleshoot a problem, but keep in mind that doing so might slow the performance of tdnf until the cache becomes repopulated with data. Here is how to clear the cache: 

+

+	tdnf clean all

+	Cleaning repos: photon photon-extras photon-updates lightwave

+	Cleaning up everything

+

+The command purges the repository data from the cache: 

+

+	ls -l /var/cache/tdnf/photon

+	total 4

+	d-wxr----t 3 root root 4096 May  3 22:51 rpms

+

+### Options for Commands

+

+You can add the following options to tdnf commands. If the option to override a configuration is unavailable in a command, consider adding it to the configuration file, /etc/tdnf/tdnf.conf.

+

+	OPTION 					DESCRIPTION

+	--allowerasing 			Allow erasing of installed packages to resolve dependencies

+	--assumeno 				Answer no for all questions

+	--best 					Try the best available package versions in transactions

+	--debugsolver 			Dump data aiding in dependency solver debugging info.

+	--disablerepo=<repoid> 	Disable specific repositories by an id or a glob.

+	--enablerepo=<repoid> 	Enable specific repositories

+	-h, --help 				Display help

+	--refresh 				Set metadata as expired before running command

+	--nogpgcheck 			Skip gpg check on packages

+	--rpmverbosity=<debug level name> 	Debug level for rpm

+	--version 				Print version and exit

+	-y, --assumeyes 		Answer yes to all questions

+

+Here is an example that adds the short form of the `assumeyes` option to the install command:

+

+	tdnf -y install gcc

+	Upgrading:

+	gcc 	x86_64	5.3.0-1.ph1 	91.35 M

+

+

+### Commands

+

+**check-local**: This command resolves dependencies by using the local RPMs to help check RPMs for quality assurance before publishing them. To check RPMs with this command, you must create a local directory and place your RPMs in it. The command, which includes no options, takes the path to the local directory containing the RPMs as its argument. The command does not, however, recursively parse directories; it checks the RPMs only in the directory that you specify. For example, after creating a directory named `/tmp/myrpms` and placing your RPMs in it, you can run the following command to check them:  

+

+	tdnf check-local /tmp/myrpms

+	Checking all packages from: /tmp/myrpms

+	Found 10 packages

+	Check completed without issues

+

+**check-update**: This command checks for updates to packages. It takes no arguments. The `tdnf list updates` command performs the same function. Here is an example of the `check update` command: 

+

+	tdnf check-update

+	rpm-devel.x86_64 	4.11.2-8.ph1 	photon

+	yum.noarch      	3.4.3-3.ph1 	photon

+

+**clean**: This command cleans up temporary files, data, and metadata. It takes the argument `all`. Example: 

+

+	tdnf clean all

+	Cleaning repos: photon photon-extras photon-updates lightwave

+	Cleaning up everything

+

+**distro-sync**: This command synchronizes the machine's RPMs with the latest version of all the packages in the repository. Abridged example:

+

+	tdnf distro-sync

+

+	Upgrading:

+	zookeeper                             x86_64        3.4.8-2.ph1               3.38 M

+	yum                                   noarch        3.4.3-3.ph1               4.18 M

+

+	Total installed size: 113.01 M

+

+	Reinstalling:

+	zlib-devel                            x86_64        1.2.8-2.ph1             244.25 k

+	zlib                                  x86_64        1.2.8-2.ph1             103.93 k

+	yum-metadata-parser                   x86_64        1.1.4-1.ph1              57.10 k

+

+	Total installed size: 1.75 G

+

+	Obsoleting:

+	tftp                                  x86_64        5.2-3.ph1                32.99 k

+

+	Total installed size: 32.99 k

+	Is this ok [y/N]:

+

+**downgrade**: This command downgrades the package that you specify as an argument to the next lower package version. Example: 

+

+	tdnf downgrade boost

+	Downgrading:

+	boost                                 x86_64        1.56.0-2.ph1              8.20 M

+	Total installed size: 8.20 M

+	Is this ok [y/N]:y

+	Downloading:

+	boost                                  2591470    100%

+	Testing transaction

+	Running transaction

+	Complete!

+

+To downgrade to a version lower than the next one, you must specify it by name, epoch, version, and release, all properly hyphenated. Example: 

+

+	tdnf downgrade boost-1.56.0-2.ph1 

+

+**erase**: This command removes the package that you specify as an argument. Example: 

+

+	tdnf erase vim

+	Removing:

+	vim                                   x86_64        7.4-4.ph1                 1.94 M

+	Total installed size: 1.94 M

+	Is this ok [y/N]:

+

+You can also erase multiple packages: 

+

+	tdnf erase docker cloud-init

+

+**info**: This command displays information about packages. It can take the name of a package. Or it can take one of the following arguments: all, available, installed, extras, obsoletes, recent, upgrades. Examples: 

+

+	tdnf info ruby

+	tdnf info obsoletes

+	tdnf info upgrades

+

+**install**: This command takes the name of a package as its argument. It then installs the package and its dependencies. Examples: 

+

+	tdnf install kubernetes

+

+You can also install multiple packages: 

+

+	tdnf install python-curses lsof audit gettext chkconfig ntsysv bindutils 

+		 wget gawk irqbalance lvm2 cifs-utils c-ares distrib-compat

+	

+

+**list**: This command lists the packages of the package that you specify as the argument. The command can take one of the following arguments: all, available, installed, extras, obsoletes, recent, upgrades. 

+

+	tdnf list updates

+

+The list of packages might be long. To more easily view it, you can concatenate it into a text file, and then open the text file in a text editor: 

+

+	tdnf list all > pkgs.txt

+	vi pkgs.txt

+

+**makecache**: This command updates the cached binary metadata for all known repositories. Example:

+

+	tdnf makecache

+	Refreshing metadata for: 'VMware Lightwave 1.0(x86_64)'

+	Refreshing metadata for: 'VMware Photon Linux 1.0(x86_64)Updates'

+	Refreshing metadata for: 'VMware Photon Extras 1.0(x86_64)'

+	Refreshing metadata for: 'VMware Photon Linux 1.0(x86_64)'

+	Metadata cache created.

+

+**provides**: This command finds the packages that provide the package that you supply as an argument. Examples: 

+

+	tdnf provides docker

+	docker-1.11.0-1.ph1.x86_64 : Docker

+	Repo     : photon

+	docker-1.11.0-1.ph1.x86_64 : Docker

+	Repo     : @System

+

+**reinstall**: This command reinstalls the packages that you specify. If some packages are unavailable or not installed, the command fails. Example: 

+

+	tdnf reinstall docker kubernetes

+

+	Reinstalling:

+	kubernetes                            x86_64        1.1.8-1.ph1             152.95 M

+	docker                                x86_64        1.11.0-1.ph1             57.20 M

+

+	Total installed size: 210.15 M

+

+**remove**: This command removes a package. When removing a package, tdnf by default also removes dependencies that are no longer used if they were was installed by tdnf as a dependency without being explicitly requested by a user. You can modify the dependency removal by changing the `clean_requirements_on_remove` option in /etc/tdnf/tdnf.conf to `false`. 

+

+	tdnf remove packagename

+

+**search**: This command searches for the attributes of packages. The argument can be the names of packages, as this example testifies: 

+

+	tdnf search docker kubernetes

+	docker : Docker

+	docker : Docker

+	docker-debuginfo : Debug information for package docker

+	docker : Docker

+	kubernetes : Kubernetes cluster management

+	kubernetes : Kubernetes cluster management

+	kubernetes-debuginfo : Debug information for package kubernetes

+	kubernetes : Kubernetes cluster management

+

+The argument of the search command can also be a keyword or a combination of keywords and packages: 

+

+	tdnf search terminal bash

+	rubygem-terminal-table : Simple, feature rich ascii table generation library

+	ncurses : Libraries for terminal handling of character screens

+	mingetty : A minimal getty program for virtual terminals

+	ncurses : Libraries for terminal handling of character screens

+	ncurses : Libraries for terminal handling of character screens

+	bash : Bourne-Again SHell

+	bash-lang : Additional language files for bash

+	bash-lang : Additional language files for bash

+	bash : Bourne-Again SHell

+	bash-debuginfo : Debug information for package bash

+	bash : Bourne-Again SHell

+	bash-lang : Additional language files for bash

+

+**upgrade**: This command upgrades the package or packages that you specify to an available higher version that tdnf can resolve. If the package is already the latest version, the command returns `Nothing to do`. Example: 

+

+	tdnf upgrade boost

+

+	Upgrading:

+	boost                                 x86_64        1.60.0-1.ph1              8.11 M

+

+	Total installed size: 8.11 M

+	Is this ok [y/N]:y

+

+	Downloading:

+	boost                                  2785950    100%

+	Testing transaction

+	Running transaction

+

+	Complete!

+

+You can also run the `upgrade` command with the `refresh` option to update the cached metadata with the latest information from the repositories. The following example refreshes the metadata and then checks for a new version of tdnf but does not find one, so tdnf takes no action: 

+

+	tdnf upgrade tdnf --refresh

+	Refreshing metadata for: 'VMware Lightwave 1.0(x86_64)'

+	Refreshing metadata for: 'VMware Photon Linux 1.0(x86_64)Updates'

+	Refreshing metadata for: 'VMware Photon Extras 1.0(x86_64)'

+	Refreshing metadata for: 'VMware Photon Linux 1.0(x86_64)'

+	Nothing to do.

+

+**upgrade-to**: This command upgrades to the version of the package that you specify. Example:

+

+	tdnf upgrade-to ruby2.3

+

+The commands and options of tdnf are, at present, a subset of those of dnf. For more help with tdnf commands, see the [DNF documentation](https://media.readthedocs.org/pdf/dnf/latest/dnf.pdf).

+

+### Adding a New Repository

+

+With Photon OS, you can add a new repository from which tdnf installs packages. To do so, you create a repository configuration file with a `.repo` extension and place it in /etc/yum.repos.d. The repository can be on either the Internet or a local server containing your in-house applications. 

+

+Be careful if you add a repository that's on the Internet: Installing packages from untrusted or unverified sources might put the security, stability, or compatibility of your system at risk. It might also make your system harder to maintain.  

+

+On Photon OS, the existing repositories appear in /etc/yum.repos.d:

+

+	ls /etc/yum.repos.d/

+	lightwave.repo

+	photon-extras.repo

+	photon-iso.repo

+	photon-updates.repo

+	photon.repo 

+

+Looking at one of the `.repo` files reveals the format and information that a new repository configuration file should contain:

+

+	cat /etc/yum.repos.d/lightwave.repo

+	[lightwave]

+	name=VMware Lightwave 1.0(x86_64)

+	baseurl=https://dl.bintray.com/vmware/lightwave

+	gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY

+	gpgcheck=1

+	enabled=1

+	skip_if_unavailable=True

+

+The minimal information needed to establish a repository is an ID and human-readable name of the repository and its base URL. The ID, which appears in square brackets, must be one word that is unique amoung the system's repositories; in the example above, it is `[lightwave]`.

+

+The `baseurl` is a URL for the repository's repodata directory. For a repository on a local server that can be accessed directly or mounted as a file system, the base URL can be a file referenced by `file://`. Example:  

+

+	baseurl=file:///server/repo/

+

+The `gpgcheck` setting specifies whether to check the GPG signature. The `gpgkey` setting furnishes the URL for the repository's ASCII-armored GPG key file. Tdnf uses the GPG key to verify a package if its key has not been imported into the RPM database.

+

+The `enabled` setting tells tdnf whether to poll the repository. If `enabled` is set to `1`, tdnf polls it; if it is set to `0`, tdnf ignores it. 

+

+The `skip_if_unavailable` setting instructs tdnf to continue running if the repository goes offline.

+

+Other options and variables can appear in the repository file. The variables that go with some of the options can reduce future changes to the repository configuration files. There are variables to replace the value of the version of the package and to replace the base architecture. For more information, see the man page for yum.conf on the full version of Photon OS: `man yum.conf`

+

+Here is an example of how to add a new repository for a local server that tdnf polls for packages:

+

+	cat > /etc/yum.repos.d/apps.repo << "EOF"

+	[localapps]

+	name=Local In-House Applications(x86_64)

+	baseurl=file:///appserver/apps

+	enabled=1

+	skip_if_unavailable=True

+	EOF

+

+Because this new repository resides on a local server, make sure the Photon OS machine can connect to it by, for instance, mounting it. 

+

+After establishing a new repository, you must run the following command to update the cached binary metadata for the repositories that tdnf polls. Example:

+

+	tdnf makecache

+	Refreshing metadata for: 'VMware Lightwave 1.0(x86_64)'

+	Refreshing metadata for: 'VMware Photon Linux 1.0(x86_64)Updates'

+	Refreshing metadata for: 'VMware Photon Extras 1.0(x86_64)'

+	Refreshing metadata for: 'Local In-House Applications(x86_64)'

+	Refreshing metadata for: 'VMware Photon Linux 1.0(x86_64)'

+	Metadata cache created.

+

+## Managing Services with systemd

+

+Photon OS manages services with systemd. By using systemd, Photon OS adopts a contemporary Linux standard to bootstrap the user space and concurrently start services---an architecture that differs from traditional Linux systems such as SUSE Linux Enterprise Server. 

+

+A traditional Linux system contains an initialization system called SysVinit. With SLES 11, for instance, SysVinit-style init programs control how the system starts up and shuts down. Init implements system runlevels. A SysVinit runlevel defines a state in which a  process or service runs. 

+

+In contrast to a SysVinit system, systemd defines no such runlevels. Instead, systemd uses a dependency tree of targets to determine which services to start when. Combined with the declarative nature of systemd commands, systemd targets reduce the amount of code needed to run a command, leaving you with code that is easier to maintain and probably faster to execute. For an overview of systemd, see [systemd System and Service Manager](https://www.freedesktop.org/wiki/Software/systemd/) and the [man page for systemd](https://www.freedesktop.org/software/systemd/man/systemd.html).

+

+On Photon OS, you should manage services with systemd and its command-line utility for inspecting and controlling the system, `systemctl`, not the deprecated commands of init.d. 

+

+The following sections present a brief overview of useful systemctl commands and options for examining and managing the state of systemd services. For more information, see the index of all the systemd man pages, including systemctl, at the following URL: 

+

+[https://www.freedesktop.org/software/systemd/man/](https://www.freedesktop.org/software/systemd/man/)

+

+### Viewing Services 

+

+To view a description of all the active, loaded units, execute the systemctl command without any options or arguments: 

+

+	systemctl

+

+To see all the loaded, active, and inactive units and their description, run this command: 

+

+	systemctl --all

+

+To see all the unit files and their current status but no description, run this command: 

+

+	systemctl list-unit-files

+

+The `grep` command filters the services by a search term, a helpful tactic to recall the exact name of a unit file without looking through a long list of names. Example: 

+

+	systemctl list-unit-files | grep network

+	org.freedesktop.network1.busname           static

+	dbus-org.freedesktop.network1.service      enabled

+	systemd-networkd-wait-online.service       enabled

+	systemd-networkd.service                   enabled

+	systemd-networkd.socket                    enabled

+	network-online.target                      static

+	network-pre.target                         static

+	network.target                             static

+

+### Controlling Services

+

+To control services on Photon OS, you use systemctl. For example, instead of running the /etc/init.d/ssh script to stop and start the OpenSSH server on a init.d-based Linux system, you run the following systemctl commands on Photon OS: 

+

+	systemctl stop sshd

+	systemctl start sshd

+

+The systemctl tool includes a range of commands and options for inspecting and controlling the state of systemd and the service manager; for more information, see the [systemctl man page](https://www.freedesktop.org/software/systemd/man/systemctl.html).

+

+### Creating a Startup Service

+

+This section shows you how to create a systemd startup service that changes the maximum transmission unit, or MTU, of the default Ethernet connection, eth0.

+

+First, concatenate the following block of code into a file: 

+	

+	cat << EOF >> /lib/systemd/system/eth0.service

+	[Unit]

+	Description=Network interface initialization

+	After=local-fs.target network-online.target network.target

+	Wants=local-fs.target network-online.target network.target

+

+	[Service]

+	ExecStart=/bin/ifconfig eth0 mtu 1460 up

+	Type=oneshot

+

+	[Install]

+	WantedBy=multi-user.target

+	EOF

+

+Second, set the service to auto-start when the system boots: 

+

+	cd /lib/systemd/system/multi-user.target.wants/

+	ln -s ../eth0.service eth0.service

+

+### Disabling the Photon OS httpd.service 

+

+If your application or appliance includes its own HTTP server, you should turn off and disable the HTTP server that comes with Photon OS so that it does not conflict with your own HTTP server. 

+

+To support the option to run RPM-OSTree, the full version of Photon OS runs the <code>httpd.service</code> by default. To stop it and disable it, run the following commands as root: 

+

+	systemctl stop httpd.service

+	systemctl disable httpd.service

+

+### Auditing System Events with auditd

+

+Because Photon OS emphasizes security, the Linux auditing service, auditd, is enabled and active by default on the full version of Photon OS: 

+

+	systemctl status auditd

+	* auditd.service - Security Auditing Service

+	   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)

+	   Active: active (running) since Fri 2016-04-29 15:08:50 UTC; 1 months 9 days ago

+	 Main PID: 250 (auditd)

+	   CGroup: /system.slice/auditd.service

+	           `-250 /sbin/auditd -n

+

+To help improve security, the auditd service can monitor file changes, system calls, executed commands, authentication events, and network access. After you implement an audit rule to monitor an event, the `aureport` tool generates reports to display information about the events. 

+

+You can, for instance, use the auditctl utility to set a rule that monitors the sudoers file for changes:

+

+	auditctl -w /etc/sudoers -p wa -k sudoers_changes

+

+This rule specifies that the auditd service watch (`-w`) the /etc/sudoers file to log permissions changes (`p`) to the write access (`w`) or attributes (`a`) of the file and to identify them in logs as `sudoers_changes`. The auditing logs appear in /var/log/audit/audit.log. You can list the auditing rules like this: 

+

+	auditctl -l

+	-w /etc/sudoers -p wa -k sudoers_changes

+

+For more information on the Linux Audit Daemon, see its man page on Photon OS: 

+

+	man auditd

+

+For more information on setting auditing rules and options with auditctl, see its man page:

+

+	man auditctl

+

+For more information on viewing reports on audited events, see the aureport man page:

+

+	man aureport

+

+### Analyzing systemd Logs with journalctl

+

+The journalctl tool queries the contents of the systemd journal. For help troubleshooting systemd, two journalctl queries are particularly useful: showing the log entries for the last boot and showing the log entries for a systemd service unit. 

+

+This command displays the messages that systemd generated during the last time the machine started: 

+

+	journalctl -b

+

+This command reveals the messages for only the systemd service unit specified by the `-u` option, which is auditd in the following example: 

+

+	journalctl -u auditd

+

+For more information, see the journalctl man page: `man journalctl`

+

+### Migrating Scripts to systemd

+

+Although systemd maintains compatibility with init.d scripts, you should, as a best practice, adapt the scripts that you want to run on Photon OS to systemd to avoid potential problems. Such a conversion standardizes the scripts, reduces the footprint of your code, makes the scripts easier to read and maintain, and improves their robustness on a systemd system.

+

+## Managing the Network Configuration

+

+The network service, which is enabled by default, starts when the system boots. You manage the network service by using systemd commands, such as systemd-networkd, systemd-resolvd, and networkctl. You can check its status of the network service by running the following command: 

+

+	systemctl status systemd-networkd

+

+Here is a healthy result of the command: 

+

+	* systemd-networkd.service - Network Service

+	   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)

+	   Active: active (running) since Fri 2016-04-29 15:08:51 UTC; 6 days ago

+	     Docs: man:systemd-networkd.service(8)

+	 Main PID: 291 (systemd-network)

+	   Status: "Processing requests..."

+	   CGroup: /system.slice/systemd-networkd.service

+	           `-291 /lib/systemd/systemd-networkd

+

+Because Photon OS relies on systemd to manage services, you should employ the systemd suite of commands, not deprecated init.d commands or other deprecated commands, to manage networking. 

+

+### Use `ip` and `ss` Commands Instead of `ifconfig` and `netstat`

+