Skip to content

registering ULN 5 with SpaceWalk2.4

For a Oracle Unbreakable Linux 5.x host which previously has been registered with ULN and now you want to register it with you local SpaceWalk server you have to remove these packages:

# rpm -e --nodeps  pirut, up2date up2date-gnome

While still registered with ULN, download (they could be missing) these rpms

# yum install python-dmidecode python-ethtool

Next, create a SpaceWalk tools repo, like for example

name=Spacewalk Client 2.2 for Oracle Linux 5 ($basearch)

With this repo in place, install the following new packages which are the ones that make SpaceWalk registration possible:

# yum install rhn-client-tools \
rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin

Finally, use the rhn_register to register with your SpaceWalk

Posted in LINUX.

Tagged with , , , , .

Migrate from RedHat to Oracle ULN

I have a bunch of RedHat 6.7 hosts registered with Satellite 5.7 which I am moving to Oracle ULN 6.7 and simultaneously registering with Oracle’s SpaceWalk2.2
Scheduling reboots for patching is just too much pain in a neck.

This is the procedure I follow.

a. disable any repositories found in /etc/yum.repos.d of the host about to be converted.
b. make copies of up2date and systemid files located in the /usr/share/rhn folder just in case, why am I doing it – paranoid?
c. install the keys required by the SpaceWalk and ULN registration process

# wget -q -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT  \

# wget -O \

# cd /etc/pki/rpm-gpg; rpm --import RPM-GPG-KEY-oracle

d. register with SpaceWalk executing the following snippet

# rhnreg_ks \
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \
--serverUrl= \
--activationkey=1-15506df7d95db,1-bf89408ea391c867 \

e. clean yum cache and show new repos

# yum clean all; yum repolist

f. remove old version of vmware tools, install the latest vmware-tools repository

# for pkg in `rpm -qa | grep vmware`
  rpm -e -vv --allmatches --nodeps --noscripts --notriggers $pkg

# cd /usr/lib
# rm -rf ./vmware-tools
# cd /etc
# rm -rf ./vmware-tools

# rpm -ivh

# rpm --import

g. install Oracle logos

# yumdownloader oraclelinux-release.x86_64 \

# rpm -Uhv --force oraclelinux-release*

# yum install oracle-logos.noarch

h. install ULN support packages, install vmware, etc.

# yum -y shell
remove libreport-plugin-rhtsupport php-common-5.3.3-46.el6_7.1.x86_64 
remove kernel-firmware.noarch
update libreport abrt
install php55 php55-ldap 
install kernel-uek kernel-uek-firmware uptrack-offline
install vmware-tools-esx-kmods vmware-tools-esx

# yum -y install uptrack-updates-`uname -r`;yum -y update

The running kernel is still the “old” one

# # uptrack-uname -r

Check that the kernel in force following the next reboot is the Unbreakable one.

# cat /boot/grub/grub.conf
password --encrypted $1$NaCl$BQ1C3cAnHEG4PprqLREJa1
title Oracle Linux Server Unbreakable Enterprise Kernel (3.8.13-118.4.2.el6uek.x86_64)
        root (hd0,0)
        kernel /vmlinuz-3.8.13-118.4.2.el6uek.x86_64 .....

Posted in LINUX, NonAix, Satellite.

Tagged with , , , , , , , .

the latest take on installing/patching VMWare tools

I have a set of rel6.x RedHat and Oracle Linux guests with outdated and some with no “tools” installed at all. Bellow, is my latest take on on “patching/re-installing”.

Just in the case the this has previously been installed.


Just in the case, there are vmware packages laying around.

# for pkg in `rpm -qa | grep vmware`; do rpm -e -vv --allmatches --nodeps --noscripts --notriggers $pkg; done

Remove any previous “leftover” directories.

# cd /usr/lib
# rm -rf ./vmware-tools
# cd /etc
# rm -rf ./vmware-tools

Install VMWare repository of the appropriate version.

# rpm -ivh 

Just in the case the keys have never been installed or they are gone.

# rpm --import

Finally, we are ready to roll and do the install.

# yum -y install vmware-tools-esx-kmods vmware-tools-esx

As the last step, login to vCenter GUI and see the tools running under the guest management.

Posted in LINUX.

Tagged with , , , .

OSA-dispatcher failing with Invalid password

There was no communication between SpaceWalk 2.2 server and its clients and the contents of the /var/log/rhn/osa-dispatcher.log were showing these messages:

2016/03/28 11:46:58 -04:00 16874 osad/jabber_lib.__init__
2016/03/28 11:46:58 -04:00 16874 osad/jabber_lib.setup_connection('Connected to jabber server', '')
2016/03/28 11:46:58 -04:00 16874 osad/jabber_lib.register('ERROR', 'Invalid password')
2016/03/30 11:15:06 -04:00 873 rhnSQL/driver_cx_Oracle.connect('Connecting to database', 'spacewalk@//localhost/spacedb')

These steps resolved all issues:

# service jabberd stop
# service osa-dispatcher stop
# rm -f /var/lib/jabberd/db/*
# service jabberd start 
# sleep 10
# service osa-dispatcher start

Posted in Satellite.

Tagged with .

RedHat 7 and vmware-tools

If vmware Redhat “guest” will be used as a template or it could be relocated as part of SRM than it has to have the open-vm-tools-deploypkg package installed. To do it requires the following steps.

a. Download VMware Public keys

# wget
# wget

b. Import each of the two keys (that’s a double dash in front of import):

# rpm –import
# rpm –import

c. Create the yum repository by creating a file called /etc/yum.repos.d/vmware-tools.repo containing the following text:

name = VMware Tools
baseurl =
enabled = 1
gpgcheck = 1

d. Remove the already installed open-vm-tools (comes with RedHat ISO image).

sudo yum remove open-vm-tools

e. Install open-vm-tools-deploypkg, which will pull in the correct version of the package you removed in the previous step.

# yum -y install open-vm-tools-deploypkg

f. To start vmware service:

# systemctl on vmtoolsd

g. To start it with the guest power on:

# systemctl enable vmtoolsd

This is all.

Posted in Linux, LINUX.

linux – installing packages without access to repos

Apparently to install Spacewalk on Oracle Linux box it must not be registered with ULN, which means no trace of Oracle repos in the /etc/yum.repos.d….
I am configuring Spacewalk. It accepts all the info it needs (TNS name, user, password, remote host, etc) by eventually it fails saying that it cannot manipulates tables …..
I open a ticket with Oracle. Over twenty-four our later Oracle sup
ports calls me asking for the SOS report …..
I installed this machine with a very minimal number of packages, I did it intentionally and as the result this box does not have spacewalk on board.

How am I going to get the sos package installed if this host should not be registered with Oracle ULN?

I have many Oracle ULN and Red Hat boxes around. So after login into one Oracle ULN host, I execute the following command:

# yumdownloader --destdir /var/tmp sos

The SOS above is the package name containing the sosreport command.

# ls -l /var/tmp
total 312
-rw-r--r-- 1 root root 316936 Feb  9 04:45 sos-3.2-28.0.1.el6_7.2.noarch.rpm

After moving this rpm to the future Spacewalk machine, it is installed by yum, which is instructed to look for it locally.

# yum -y localinstall sos-3.2-28.0.1.el6_7.2.noarch.rpm

Finally, I can create the report and send it to Oracle Support.

Posted in LINUX.

Tagged with .

enable Ruby environment on RHEL (ULN)

So far, I did Lisp, C, csh/ksh/bsh, perl. Now it seems to me that the wind is blowing stronger in the “infrastructure” than in the “administration” direction, which for me indicates the need for ruby…. or maybe it is just a fashion thing. I am not sure about it but I am sure that the time has come to learn Ruby, really.

On my RHEL 6 box, after a few installs of different ruby packages, I still could not get irb (the interactive ruby environment) to work…

# yum list installed | grep ruby | awk '{print $1}'

It absolutely sucks! And it does it just the same every time I attempt to do something new without reading first the instruction to use! Well, what else can I say but – it is so entertaining!
Let’s start cleaning my own mess.

# yum -y remove ruby200 ruby200-ruby-libs ruby200-runtime

Next, I spent several minutes reading this link –

I proceed anew, with the freshly acquired knowledge:

# yum install rh-ruby22

For this process to work, the host has to subscribe to the rhel-x86_64-server-optional-6 channel of your spacewalk/satellite or rhn. For RHEL 7 the 6 in the repo name changes to 7.
Now, I will use scl (Setup and run software from Software Collection environment) to enable and to add the just installed RH-Ruby 2.2 to my environment.

# scl enable rh-ruby22 bash

Next, the ultimate test – do i have irb or not?

# irb
irb(main):001:0> puts "Hello, Red Hat Developers World from Ruby " + RUBY_VERSION
Hello, Red Hat Developers World from Ruby 2.2.2
=> nil
irb(main):002:0> quit

Sweet! I have what I need to continue reading the “Computer Science Programming Basics with RUBY” by Ophir Frieder, Gideon Frieder, and David Grossman. Well, it is time to turn another page.

Posted in Linux.

Tagged with , , , , , , , .

Is this errata applicable to my host or not?

How to check if a give errata is applicable to a host? If on RHEL6 make sure the the yum-plugin-security is installed (it is part of yum in RHEL7).

# yum -y install yum-plugin-security 

Next with the errata label in hand, for example CVE-2016-0728, execute:

# yum updateinfo info --cve CVE-2016-0728
Loaded plugins: aliases, changelog, presto, refresh-packagekit, rhnplugin, security, tmprepo, ulninfo, verify,
: versionlock
This system is receiving updates from ULN.
CVE "CVE-2016-0728" not found applicable for this system 
updateinfo info done

To install only a particular errata or CVE, for example:

# yum -y update --cve CVE-2012-3954
# yum -y update --advisory ELSA-2012-1141

Posted in LINUX.

Tagged with , , , , .

OpenSCAP for Oracle Linux 6

SCAP addresses the security and venerability aspect of host existence. Lately you can get free the same tools others charge for to scan a host and list its missing patches or known venerability.
You start installing the required rpms from the Oracle network.

# yum -y install openscap openscap-utils scap-security-guide

Next, download and unpack Oracle’s OVAL definitions for all errata from ULN.

# wget \
-q -N
# bzip2 -d -f

I actually download the errata daily to be certain I always have the current ones.

At this time, you can “scan” your host for known patches as follows:

# oscap oval eval --results elsa-results-oval.xml \
--report $Destination/`hostname -s`-PatchingReport.html \

The next command generates list of all known vulnerabilities effecting the host.

# oscap xccdf eval --profile server \
--results $Destination/`hostname -s`-Venerability.xml \
--report $Destination/`hostname -s`-VenerabilityReport.html --cpe \
/usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \

This one creates a manual (good reading indeed) explaining the nature of vulnerabilities and how to fix them.

# oscap xccdf generate guide --profile server \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml > \
$Destination/`hostname -s`-SecurityGuide.html

In my case, the “$Destination” variable points to an http server public directory which provides me with a single place from where I can view all this information.

Posted in Linux.

Tagged with , , .

Network issues after NIC change (RHEL7.2) …..

A guest had to be “relocated” to DMZ, which in reality meant changing it NIC and giving it a new IP/Netmask/Router. But there was no network adapter “inside” the guest…. The ip a command showed only the loopback adapter and nothing else. In the /etc/sysconfig/*scripts, there was the file for an ifcfg-eno* adapter with correct values inside but usable network connectivity.

Just but a pure luck (I really had no idea what to change) this situation was resolved editing the /etc/default/grub file but appending net.ifnames=0 biosdevname=0 to the kernel parameters line as shown bellow (the whole file is shown)

GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_CMDLINE_LINUX="crashkernel=auto net.ifnames=0 biosdevname=0"

Attention: in reality, every entry is a single line not like in output above where the GRUB_CMDLINE_LINUX is split into two lines!!!!

The last “edits” where enabled executing this command.

# grub2-mkconfig -o /boot/grub2/grub.cfg

Lastly the ifcfg-eno* file was moved to ifcfg-eth* and the guest rebooted.

After the reboot, the host had a working eth0 adapter and everything was was OK again.

I do not think, that this is the real solution. I think, the lack of the eno16780032 device and the lack of luck of bringing it on-line is still an unresolved issue….. I just found a way around the issue.

Posted in Linux.

Tagged with , , , , , , , , .

Copyright © 2015 - 2016 Waldemar Mark Duszyk. - best viewed with your eyes.. Created by Blog Copyright.