

enable Ruby environment on RHEL (ULN)

So far, I did Lisp, C, csh/ksh/bsh, perl. Now it seems to me that the wind is blowing stronger in the “infrastructure” than in the “administration” direction, which for me indicates the need for ruby…. or maybe it is just a fashion thing. I am not sure about it but I am sure that the time has come to learn Ruby, really.

On my RHEL 6 box, after a few installs of different ruby packages, I still could not get irb (the interactive ruby environment) to work…

# yum list installed | grep ruby | awk '{print $1}'
ruby.x86_64                  
ruby-libs.x86_64             
ruby200.x86_64               
ruby200-ruby.x86_64          
ruby200-ruby-irb.noarch      
ruby200-ruby-libs.x86_64     
ruby200-rubygem-bigdecimal.x86_64
ruby200-rubygem-io-console.x86_64
ruby200-rubygem-json.x86_64  
ruby200-rubygem-psych.x86_64 
ruby200-rubygem-rdoc.noarch  
ruby200-rubygems.x86_64      
ruby200-runtime.x86_64

It absolutely sucks! And it does it just the same every time I attempt to do something new without first reading the instructions for use! Well, what else can I say but – it is so entertaining!
Let’s start cleaning my own mess.

# yum -y remove ruby200 ruby200-ruby-libs ruby200-runtime

Next, I spent several minutes reading this link – http://developers.redhat.com/products/softwarecollections/get-started-rhel7-ruby/

I proceed anew, with the freshly acquired knowledge:

# yum install rh-ruby22

For this process to work, the host has to subscribe to the rhel-x86_64-server-optional-6 channel of your spacewalk/satellite or rhn. For RHEL 7 the 6 in the repo name changes to 7.
Now, I will use scl (Setup and run software from Software Collection environment) to enable and to add the just installed RH-Ruby 2.2 to my environment.

# scl enable rh-ruby22 bash

Next, the ultimate test – do I have irb or not?

# irb
irb(main):001:0> puts "Hello, Red Hat Developers World from Ruby " + RUBY_VERSION
Hello, Red Hat Developers World from Ruby 2.2.2
=> nil
irb(main):002:0> quit

Sweet! I have what I need to continue reading the “Computer Science Programming Basics with RUBY” by Ophir Frieder, Gideon Frieder, and David Grossman. Well, it is time to turn another page.

Posted in Linux.



Is this errata applicable to my host or not?

How to check if a given errata is applicable to a host? If on RHEL6, make sure that yum-plugin-security is installed (it is part of yum in RHEL7).

# yum -y install yum-plugin-security 

Next, with the errata label in hand, for example CVE-2016-0728, execute:

# yum updateinfo info --cve CVE-2016-0728
Loaded plugins: aliases, changelog, presto, refresh-packagekit, rhnplugin, security, tmprepo, ulninfo, verify,
: versionlock
This system is receiving updates from ULN.
CVE "CVE-2016-0728" not found applicable for this system 
updateinfo info done

To install only a particular errata or CVE, for example:

# yum -y update --cve CVE-2012-3954
# yum -y update --advisory ELSA-2012-1141

Posted in LINUX.



OpenSCAP for Oracle Linux 6

SCAP addresses the security and vulnerability aspect of host existence. Lately you can get for free the same tools others charge for to scan a host and list its missing patches or known vulnerabilities.
Start by installing the required rpms from the Oracle network.

# yum -y install openscap openscap-utils scap-security-guide

Next, download and unpack Oracle’s OVAL definitions for all errata from ULN.

# wget \
-q -N http://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2
# bzip2 -d -f com.oracle.elsa-all.xml.bz2

I actually download the errata daily to be certain I always have the current ones.

At this time, you can “scan” your host for known patches as follows:

# oscap oval eval --results elsa-results-oval.xml \
--report $Destination/`hostname -s`-PatchingReport.html \
com.oracle.elsa-all.xml

The next command generates a list of all known vulnerabilities affecting the host.

# oscap xccdf eval --profile server \
--results $Destination/`hostname -s`-Venerability.xml \
--report $Destination/`hostname -s`-VenerabilityReport.html --cpe \
/usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml

This one creates a manual (good reading indeed) explaining the nature of vulnerabilities and how to fix them.

# oscap xccdf generate guide --profile server \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml > \
$Destination/`hostname -s`-SecurityGuide.html

In my case, the “$Destination” variable points to an http server public directory which provides me with a single place from where I can view all this information.
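For the patch scan above (oscap oval eval), the HTML report is for reading; a cron job needs a short list it can act on. The following is an added example, not part of the original post: it parses the per-definition lines that oscap prints on stdout and turns the ones that evaluated to true into advisory labels usable with yum update --advisory. The function names, the id-to-label mapping and the sample ids are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. `oscap oval eval` prints one line
# per definition on stdout in the form "Definition <id>: <result>"; for the
# patch definitions in com.oracle.elsa-all.xml, "true" means the erratum
# applies to this host and is not installed yet.

# Print the ids of all definitions that evaluated to true.
true_definitions() {
    awk '$1 == "Definition" && $3 == "true" { sub(/:$/, "", $2); print $2 }'
}

# Turn an Oracle definition id into an advisory label for
# `yum update --advisory`. Assumption: the digits after "def:" are the year
# followed by the advisory number; confirm against the definition <title>.
to_advisory() {
    sed -n 's/^oval:com\.oracle\.elsa:def:\([0-9]\{4\}\)\([0-9]\{1,\}\)$/ELSA-\1-\2/p'
}

# Summarise a scan: list the advisories and return 1 when any are
# outstanding, so a cron wrapper can alert on the exit status.
report_missing() {
    advisories=$(true_definitions | to_advisory | sort -u)
    if [ -z "$advisories" ]; then
        echo "no outstanding errata"
        return 0
    fi
    printf '%s\n' "$advisories"
    return 1
}

# Constructed sample of oscap stdout (the ids are made up for the example).
SAMPLE_SCAN='Definition oval:com.oracle.elsa:def:20990002: true
Definition oval:com.oracle.elsa:def:20990001: false
Definition oval:com.oracle.elsa:def:20991234: true
Evaluation done.'

# On a real host: oscap oval eval com.oracle.elsa-all.xml | report_missing
printf '%s\n' "$SAMPLE_SCAN" | report_missing || echo "-> patching needed"
```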

Posted in Linux.



Network issues after NIC change (RHEL7.2) …..

A guest had to be “relocated” to the DMZ, which in reality meant changing its NIC and giving it a new IP/Netmask/Router. But there was no network adapter “inside” the guest…. The ip a command showed only the loopback adapter and nothing else. In /etc/sysconfig/*scripts, there was the file for an ifcfg-eno* adapter with correct values inside but no usable network connectivity.

Just by pure luck (I really had no idea what to change) this situation was resolved by editing the /etc/default/grub file and appending net.ifnames=0 biosdevname=0 to the kernel parameters line as shown below (the whole file is shown).

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rootvg/vol01 rd.lvm.lv=rootvg/swap rd.lvm.lv=rootvg/vol07 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"

Attention: in the file, every entry is a single line, GRUB_CMDLINE_LINUX included, even if it wraps on your screen!

The last “edits” were enabled by executing this command.

# grub2-mkconfig -o /boot/grub2/grub.cfg

Lastly the ifcfg-eno* file was moved to ifcfg-eth* and the guest rebooted.

After the reboot, the host had a working eth0 adapter and everything was OK again.

I do not think that this is the real solution. I think the lack of the eno16780032 device and the lack of luck in bringing it on-line is still an unresolved issue….. I just found a way around the issue.

Posted in Linux.



Setting NFS server on RHEL and ULN 6..

Trying to set up an NFS server may turn into an unnecessary “excitement” if you forget that on some LINUXes (like RHEL, CentOS, ULN version 6 and above) portmap no longer exists, because its function is now part of, and controlled by, the rpcbind service…

# service portmap start
portmap: unrecognized service

An NFS server can be configured and activated as long as these two rpms are installed:

# rpm -qa | grep nfs
nfs-utils-lib-1.1.5-11.el6.x86_64
nfs-utils-1.2.3-64.el6.x86_64

All that needs to be done are the following steps.

# service rpcbind start
Starting rpcbind:                                          [  OK  ]
#
# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]

To start NFS services at boot time, we need to make it known with the next two commands.

# chkconfig rpcbind on
# chkconfig nfs on

Well, you have to designate a file system that you will be exporting and edit /etc/exports, followed by execution of the command exportfs -a. On the client, you should be able to “see” this file system by executing the command showmount -e nfs_servername, where the last is the name or IP address of the NFS server you will be exporting from.
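Since /etc/exports decides who can mount what, it is worth checking the file before exportfs -a publishes it. The following is an added example, not part of the original post: a small lint pass that flags exports open to every host, no_root_squash, and the classic stray space between host and options. The checks, the function name and the sample entries are choices of this example.

```shell
#!/bin/sh
# Added example, not from the original post: lint /etc/exports before exportfs -a.
# The three checks below are this example's own choice of risky patterns.

# Reads exports(5) lines on stdin, prints "<line-no>: <path> <finding>".
# Continuation lines (trailing backslash) and quoted paths are not handled.
lint_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) { client = substr($i, 1, p - 1); opts = substr($i, p) }
            # "host (rw)": the space detaches the options from the host, so
            # they apply to everyone while the host itself gets the defaults
            if (client == "*")
                print NR ": " $1 " is exported to every host"
            else if (client == "")
                print NR ": " $1 " has options without a client, open to every host"
            if (opts ~ /[(,]no_root_squash[,)]/)
                print NR ": " $1 " uses no_root_squash, remote root stays root"
        }
    }'
}

# Constructed sample file content (hosts and paths are made up).
EXPORTS_SAMPLE='# constructed sample
/srv/share  192.0.2.0/24(ro,root_squash)
/srv/build  *(rw,no_root_squash)
/srv/home   nfsclient.example.com (rw)'

# Usage on a real server:  lint_exports < /etc/exports
printf '%s\n' "$EXPORTS_SAMPLE" | lint_exports
```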

Posted in LINUX.



manipulating disks in KickStart script

This post is an attempt to explain how to define disks in a KickStart script. What is KickStart? It is a LINUX installation method similar to NIM in the case of AIX. The target of a KickStart installation must have at least one disk. Often, a KickStart target has more than one disk, and all of them can be configured and used by KickStart for the LINUX installation.
Let’s discuss a simple case (no RAID involved) where your KickStart script (the document itemizing all steps to be taken during operating system installation) may be employed against machines with a different number of disks, let’s say one or two. In each case, we want LVM to manage all partitions (logical volumes) except the boot one.
Why involve LINUX LVM? For comfort, so when all space in a file system is gone you can make it bigger (as long as there is free space in the volume group). To make it clear, regardless of the number of disks present, we want the boot volume to be on a separate disk, either as a disk partition (sda1) or a physical disk (sda), and the remaining capacity, either sda2 or sdb, to be governed by LVM.

It is obvious that our first task is to identify the number of disks. One could use quite a few methods to answer this question. If dealing with a standalone KickStart we could answer this question with the following command:

COUNT=`lsblk | grep disk | wc -l`

The lsblk command is a real gem, I recommend reading its man page.

If your KickStart is part of a Satellite (Spacewalk) environment you could also determine the number of drives using the built-in list-harddrives command, as shown next.

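# list-harddrives prints "name size" pairs, so the names sit in $1, $3, ...
set $(list-harddrives)
let numd=$#/2    # number of drives
d1=$1            # first drive
d2=$3            # second drive

On a host with two physical disks, $1=sda and $3=sdb ($2 and $4 hold the sizes).
In either case, in our server room the /boot volume always resides in a partition on the first physical disk, aka sda, which is declared on the following line.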

 part /boot --fstype ext3 --size=360 --ondisk=sda

The statement above will create the sda1 partition for the /boot volume.

If the target system has only one disk, the part command will use the remainder of sda, “giving” it to LVM as the device called pv.22. The last name was selected completely arbitrarily by yours truly.
If the target system has two disks, the first physical disk sda will receive only the /boot volume. The second physical disk (sdb) will be given whole to LVM, also as pv.22.

Now, the code. Note that if the target host has one disk the COUNT variable contains 1 and a larger number otherwise. Here, we are interested only in the first two disks.

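# shell logic only runs in %pre; write the chosen line to a file and pull it
# into the main section with %include (the path below is an example)
if [ "${COUNT}" -eq 1 ]
then
        echo "part pv.22 --fstype=lvmpv --ondisk=sda --grow" > /tmp/part-include
else
        echo "part pv.22 --fstype=lvmpv --ondisk=sdb --grow" > /tmp/part-include
fi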

KickStart will create the volume group (vg0) from pv.22. Its size will be established dynamically because part was invoked with the --grow directive.

volgroup vg0 pv.22

Finally, the logvol command creates the listed file systems in the given volume group.

logvol / 	 --fstype=ext4 --name=lv01 --vgname=vg0 --size=1024
logvol /tmp 	 --fstype=ext4 --name=lv02 --vgname=vg0 --size=2048
logvol /var 	 --fstype=ext4 --name=lv03 --vgname=vg0 --size=2048
logvol /var/log  --fstype=ext4 --name=lv04 --vgname=vg0 --size=4096
logvol /usr 	 --fstype=ext4 --name=lv05 --vgname=vg0 --size=4096
logvol /opt 	 --fstype=ext4 --name=lv06 --vgname=vg0 --size=4096
logvol /home 	 --fstype=ext4 --name=lv07 --vgname=vg0 --size=4096
logvol swap 	 --fstype=swap --name=swap --vgname=vg0 --size=2048
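The disk-selection steps above, put together as one helper that could be called from a %pre script. This is an added example, not part of the original post; it goes a little further than the text by taking the disk names from lsblk instead of hard-coding sda/sdb and by refusing to write a layout when no disk is found. The function names and the include path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: %pre helper that emits the
# layout described above. Function names and the include path are hypothetical.

# Print the names of whole disks, one per line, from "NAME TYPE" pairs on
# stdin (the format of `lsblk -dn -o NAME,TYPE`). Matching the TYPE column
# exactly keeps a CD-ROM (type "rom") or a mount point containing the word
# "disk" from being counted.
list_disks() {
    awk '$2 == "disk" { print $1 }'
}

# Emit the part/volgroup directives for the disks described on stdin.
# One disk: /boot and the LVM PV share it. Two or more: /boot goes on the
# first disk, the PV takes the whole second disk, further disks are untouched.
gen_layout() {
    disks=$(list_disks)
    count=$(printf '%s\n' "$disks" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "no disk found, refusing to write a layout" >&2
        return 1
    fi
    boot_disk=$(printf '%s\n' "$disks" | sed -n 1p)
    if [ "$count" -eq 1 ]; then
        pv_disk=$boot_disk
    else
        pv_disk=$(printf '%s\n' "$disks" | sed -n 2p)
    fi
    echo "part /boot --fstype ext3 --size=360 --ondisk=$boot_disk"
    echo "part pv.22 --fstype=lvmpv --ondisk=$pv_disk --grow"
    echo "volgroup vg0 pv.22"
}

# In %pre the call would be (path is an assumption of this example):
#   lsblk -dn -o NAME,TYPE | gen_layout > /tmp/part-include
# and the main section would then contain:  %include /tmp/part-include

# Constructed sample inputs.
ONE_DISK='sda disk
sr0 rom'
TWO_DISKS='sda disk
sdb disk
sr0 rom'

printf '%s\n' "$TWO_DISKS" | gen_layout
```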

Posted in LINUX.


Converting RHEL6 to Oracle Unbreakable Linux Network ULN6 and Ksplice

Why, you ask? To be able to patch with no reboots……. Good enough? If this reason is good for you, follow the process below.

# wget http://linux-update.oracle.com/rpms/uln_register.tgz
# wget http://linux-update.oracle.com/rpms/uln_register-gnome.tgz
# yum install rhn-setup-gnome
# tar -xzf uln_register.tgz
# cd uln_migrate
# rpm -Uvh ./*.rpm
# cd /etc/sysconfig/rhn/
# cp up2date.rpmnew up2date
# uln_register
# yum clean all
# yum update yum
# yum -y remove libreport-plugin-rhtsupport 

Log in to ULN and subscribe your host to all software channels appropriate for it.
If you wish, install the unbreakable kernel (if you subscribed to the right channel containing it):

# yum -y install kernel-uek k

Update everything and reboot.

# yum -y update

Now, let’s provide our host with the ability to patch on the fly. Register the host with ULN, accept the patching on the fly option and verify that at least these three software channels are assigned to this host: Ksplice of Oracle Linux 6, Unbreakable Enterprise Kernel (the appropriate release), and Oracle Linux Latest (the appropriate version as well). Finally, if the host is running ULN 5 or 6, download the uptrack package. For ULN 7 download ksplice. Do not forget to edit the configuration file so the host is either patched the moment new “stuff” is available or at boot time, or leave it the way it is if you patch via cron.
For example, if my ksplice access key is badbeefce0bwdm760270d4252b59d2834609488wmd, then the whole installation process would limit itself to just these two steps:

a. install uptrack and install upgrades/updates at once

# wget -N https://www.ksplice.com/uptrack/install-uptrack
# sh install-uptrack badbeefce0bwdm760270d4252b59d2834609488wmd
# uptrack-upgrade -y

b. install uptrack and allow automatic updates

# wget -N https://www.ksplice.com/uptrack/install-uptrack
# sh install-uptrack badbeefce0bwdm760270d4252b59d2834609488wmd \
                  --autoinstall

To bring your system up to date:

# /usr/sbin/uptrack-upgrade -y

In the examples above, replace uptrack with ksplice if installing on ULN (RHEL) version 7. Does uptrack have a configuration file? Yes, look into /etc/uptrack/uptrack.conf
For some, it could be important to know that uptrack/ksplice will work with Debian and Ubuntu too.

At the end – how to disable this mechanism? What follows is straight from the book:

If you want Ksplice to patch user-space processes for certain executables or libraries, you can specify them in the configuration file /etc/ksplice/blacklist.d/localblacklist.conf. In the following example any executable in /opt/app/bin or /usr/local/bin and any shared libraries whose name matches liblocal-* will not be patched.

[executables]
/usr/opt/bin/*
/usr/local/bin/*

[targets]
liblocal-*

I think, in the case of uptrack the file has to go into /etc/uptrack directory.

Posted in AIX.



How to change NIC name in RHEL7

If cloning a VMware guest running RHEL7, one may notice that the network adapter is no longer called eth?… To keep what you are accustomed to seeing you have to modify the naming convention and, like me (for example), associate it with a MAC address. In VMware, MAC addresses start with 00:50:56; with this in mind, I modified the file /etc/udev/rules.d/70-persistent-ipoib.rules so now it looks like this:

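# ATTR{type}=="1" is Ethernet (the ipoib template's 32 is InfiniBand); match keys use ==, the assignment key is NAME
ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{type}=="1", ATTR{address}=="00:50:56:*", KERNEL=="eth*", NAME="eth%n"

It is the NAME="eth%n" entry that makes the network adapters follow the eth? naming pattern.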

Next, we need to disable the “predictable” naming rules that RHEL7 applies to network interfaces by adding net.ifnames=0 to the GRUB_CMDLINE_LINUX line of /etc/default/grub. Then execute the following command to update the grub configuration of the current kernel.

# grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot your guest and its network adapter name should follow the format you are used to seeing.

Posted in Real life AIX.


Issues with Kickstart disks

A bit of advice. If Kickstart fails to install on one or multiple disks, and you cannot find an error in the KickStart file, and if it “used” to work before….. Before you get mad try to “sanitize” the disks and try again. Get mad if it is still not working…
How to sanitize?

# dd if=/dev/zero of=/dev/sda bs=4096 count=10000

Change the disk designation (/dev/sda) according to your situation.

I kept using the same disks to try different “scenarios” and after a while KickStart refused to cooperate…. I noticed strange errors ranging from python errors to "Anaconda died after receiving signal 6" or even errors suggesting bad filters in /etc/lvm/lvm.conf.
Sanitizing all disks associated with my work definitely resolved all my issues.

Posted in Real life AIX.


Satellite 5.7, KickStart and not uploading errata

Last few days, I have been fighting with Satellite. Proving that “misery loves company” our Satellite server stopped downloading packages (errata) and to top it off, KickStart decided to join and stopped being functional… When it rains ….., right?

I suffered with Red Hat support till Stefan got assigned to my CASE. Once, I had an uncle with the same name so I knew that the rescue has arrived. :-)

To make the long story short…. These are the steps that helped me to “unplug” our Satellite:

a. clean its cache

# rm -rf /var/cache/rhn/satsync/* 

b. You may decide to check if all packages from filesystem (Satellite repositories) are in the database. If so be warned – this is a long process….

 # spacewalk-data-fsck -f -v 

c. If something is not right then use the -r option to remove the “missing” package(s) to match what is in the database.

 # spacewalk-data-fsck -f -v -r 

d. Finally, with vengeance synchronize packages and errata.

# satellite-sync --force-all-packages --force-all-errata

KickStart: if you do RHEL 7.x installs and see a message from dracut announcing that .../image/product.img download failed – do not worry! It is a crap message that has nothing to do with your install….really.

Soon, I will have here the steps to restore Satellite database…….

Posted in LINUX, Satellite.





Copyright © 2015 - 2016 Waldemar Mark Duszyk. - best viewed with your eyes.. Created by Blog Copyright.