

Migrate from RedHat to Oracle ULN

I have a bunch of RedHat 6.7 hosts registered with Satellite 5.7 which I am moving to Oracle ULN 6.7 and simultaneously registering with Oracle’s SpaceWalk 2.2.
Scheduling reboots for patching is just too much of a pain in the neck.

This is the procedure I follow.

a. disable any repositories found in /etc/yum.repos.d of the host about to be converted.
b. make copies of up2date and systemid files located in the /usr/share/rhn folder just in case, why am I doing it – paranoid?
c. install the keys required by the SpaceWalk and ULN registration process

# wget -q -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT  \
http://sysspwpl1.chop.edu/pub/RHN-ORG-TRUSTED-SSL-CERT

# wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6 -O \
/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle

# cd /etc/pki/rpm-gpg; rpm --import RPM-GPG-KEY-oracle

d. register with SpaceWalk executing the following snippet

# rhnreg_ks \
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \
--serverUrl=https://SpaceWalkHostName.xxx.zzz/XMLRPC \
--activationkey=1-15506df7d95db,1-bf89408ea391c867 \
--force

e. clean yum cache and show new repos

# yum clean all; yum repolist

f. remove old version of vmware tools, install the latest vmware-tools repository

# for pkg in `rpm -qa | grep vmware`
do 
  rpm -e -vv --allmatches --nodeps --noscripts --notriggers $pkg
done

# cd /usr/lib
# rm -rf ./vmware-tools
# cd /etc
# rm -rf ./vmware-tools

# rpm -ivh https://packages.vmware.com/tools/esx/6.0u1/repos/vmware-tools-repo-RHEL6-9.10.5-1.el6.x86_64.rpm

# rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub

g. install Oracle logos

# yumdownloader oraclelinux-release.x86_64 \
        oraclelinux-release-notes.x86_64

# rpm -Uhv --force oraclelinux-release*

# yum install oracle-logos.noarch

h. install ULN support packages, install vmware, etc.

# yum -y shell
remove libreport-plugin-rhtsupport php-common-5.3.3-46.el6_7.1.x86_64 
remove kernel-firmware.noarch
update libreport abrt
install php55 php55-ldap 
install kernel-uek kernel-uek-firmware uptrack-offline
install vmware-tools-esx-kmods vmware-tools-esx
run
quit

# yum -y install uptrack-updates-`uname -r`;yum -y update

The running kernel is still the “old” one

# uptrack-uname -r
2.6.32-573.22.1.el6.x86_64

Check that the kernel in force following the next reboot is the Unbreakable one.

# cat /boot/grub/grub.conf
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
password --encrypted $1$NaCl$BQ1C3cAnHEG4PprqLREJa1
title Oracle Linux Server Unbreakable Enterprise Kernel (3.8.13-118.4.2.el6uek.x86_64)
        root (hd0,0)
        kernel /vmlinuz-3.8.13-118.4.2.el6uek.x86_64 .....

Posted in LINUX, NonAix, Satellite.



the latest take on installing/patching VMWare tools

I have a set of rel6.x RedHat and Oracle Linux guests with outdated and some with no “tools” installed at all. Below is my latest take on “patching/re-installing”.

Just in case the tools have previously been installed.

# vmware-uninstall-tools.pl  

Just in case there are vmware packages lying around.

# for pkg in `rpm -qa | grep vmware`; do rpm -e -vv --allmatches --nodeps --noscripts --notriggers $pkg; done

Remove any previous “leftover” directories.

# cd /usr/lib
# rm -rf ./vmware-tools
# cd /etc
# rm -rf ./vmware-tools

Install VMWare repository of the appropriate version.

# rpm -ivh https://packages.vmware.com/tools/esx/6.0u1/repos/vmware-tools-repo-RHEL6-9.10.5-1.el6.x86_64.rpm 

Just in case the keys have never been installed or they are gone.

# rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub

Finally, we are ready to roll and do the install.

# yum -y install vmware-tools-esx-kmods vmware-tools-esx

As the last step, log in to the vCenter GUI and see the tools running under the guest management.

Posted in LINUX.



OSA-dispatcher failing with Invalid password

There was no communication between SpaceWalk 2.2 server and its clients and the contents of the /var/log/rhn/osa-dispatcher.log were showing these messages:

2016/03/28 11:46:58 -04:00 16874 0.0.0.0: osad/jabber_lib.__init__
2016/03/28 11:46:58 -04:00 16874 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'spacewalk1.chop.edu')
2016/03/28 11:46:58 -04:00 16874 0.0.0.0: osad/jabber_lib.register('ERROR', 'Invalid password')
2016/03/30 11:15:06 -04:00 873 0.0.0.0: rhnSQL/driver_cx_Oracle.connect('Connecting to database', 'spacewalk@//localhost/spacedb')

These steps resolved all issues:

# service jabberd stop
# service osa-dispatcher stop
# rm -f /var/lib/jabberd/db/*
# service jabberd start 
# sleep 10
# service osa-dispatcher start

Posted in Satellite.



RedHat 7 and vmware-tools

If a VMware RedHat “guest” will be used as a template, or it could be relocated as part of SRM, then it has to have the open-vm-tools-deploypkg package installed. This requires the following steps.

a. Download VMware Public keys

# wget http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub
# wget http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub

b. Import each of the two keys (that’s a double dash in front of import):

# rpm --import VMWARE-PACKAGING-GPG-DSA-KEY.pub
# rpm --import VMWARE-PACKAGING-GPG-RSA-KEY.pub

c. Create the yum repository by creating a file called /etc/yum.repos.d/vmware-tools.repo containing the following text:

[vmware-tools]
name = VMware Tools
baseurl = http://packages.vmware.com/packages/rhel7/x86_64/
enabled = 1
gpgcheck = 1

d. Remove the already installed open-vm-tools (comes with RedHat ISO image).

sudo yum remove open-vm-tools

e. Install open-vm-tools-deploypkg, which will pull in the correct version of the package you removed in the previous step.

# yum -y install open-vm-tools-deploypkg

f. To start vmware service:

# systemctl start vmtoolsd

g. To start it with the guest power on:

# systemctl enable vmtoolsd

This is all.
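
The repo file from step c sets gpgcheck = 1 but fetches packages over plain HTTP, so the package signature check is the only integrity control on that repository. As an added example (not from the original post), the hypothetical audit_repos function below reads .repo files and reports every enabled repository that has signature checking switched off or unset, or that uses an unencrypted baseurl; the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit yum .repo files. audit_repos and its finding labels
# are hypothetical names for this illustration.
# Prints FILE:REPO:FINDING for every enabled repository where
#   gpgcheck-off    gpgcheck is explicitly disabled
#   gpgcheck-unset  no gpgcheck line; the value is inherited from /etc/yum.conf
#   plain-http      baseurl/mirrorlist is fetched over http:// or ftp://
audit_repos() {
    awk '
    function isoff(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
    function flush() {                      # report on the section just finished
        if (sec == "" || sec == "main" || isoff(enabled)) return
        if (gpg == "")       print fname ":" sec ":gpgcheck-unset"
        else if (isoff(gpg)) print fname ":" sec ":gpgcheck-off"
        if (plain)           print fname ":" sec ":plain-http"
    }
    FNR == 1 { flush(); sec = ""; fname = FILENAME }   # new file: close last section
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }               # comments and blank lines
    /^[ \t]*\[/ {                                      # [section] header
        flush()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpg = ""; enabled = "1"; plain = 0
        next
    }
    {                                                  # key = value (spaces optional)
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpg = val
        if (key == "enabled")  enabled = val
        if ((key == "baseurl" || key == "mirrorlist") && val ~ /^(http|ftp):\/\//)
            plain = 1
    }
    END { flush() }
    ' "$@"
}

# Typical call on a host: audit_repos /etc/yum.repos.d/*.repo
```

Run against the vmware-tools.repo file above, it reports vmware-tools:plain-http and nothing else, because gpgcheck is on.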

Posted in Linux, LINUX.


linux – installing packages without access to repos

Apparently, to install Spacewalk on an Oracle Linux box it must not be registered with ULN, which means no trace of Oracle repos in /etc/yum.repos.d….
I am configuring Spacewalk. It accepts all the info it needs (TNS name, user, password, remote host, etc.) but eventually it fails, saying that it cannot manipulate tables …..
I open a ticket with Oracle. Over twenty-four hours later Oracle support calls me asking for the SOS report …..
I installed this machine with a very minimal number of packages, I did it intentionally and as the result this box does not have spacewalk on board.

How am I going to get the sos package installed if this host should not be registered with Oracle ULN?

I have many Oracle ULN and Red Hat boxes around. So after logging into one Oracle ULN host, I execute the following command:

# yumdownloader --destdir /var/tmp sos

The SOS above is the package name containing the sosreport command.

# ls -l /var/tmp
total 312
-rw-r--r-- 1 root root 316936 Feb  9 04:45 sos-3.2-28.0.1.el6_7.2.noarch.rpm

After moving this rpm to the future Spacewalk machine, it is installed by yum, which is instructed to look for it locally.

# yum -y localinstall sos-3.2-28.0.1.el6_7.2.noarch.rpm

Finally, I can create the report and send it to Oracle Support.

Posted in LINUX.



enable Ruby environment on RHEL (ULN)

So far, I did Lisp, C, csh/ksh/bsh, perl. Now it seems to me that the wind is blowing stronger in the “infrastructure” than in the “administration” direction, which for me indicates the need for ruby…. or maybe it is just a fashion thing. I am not sure about it but I am sure that the time has come to learn Ruby, really.

On my RHEL 6 box, after a few installs of different ruby packages, I still could not get irb (the interactive ruby environment) to work…

# yum list installed | grep ruby | awk '{print $1}'
ruby.x86_64                  
ruby-libs.x86_64             
ruby200.x86_64               
ruby200-ruby.x86_64          
ruby200-ruby-irb.noarch      
ruby200-ruby-libs.x86_64     
ruby200-rubygem-bigdecimal.x86_64
ruby200-rubygem-io-console.x86_64
ruby200-rubygem-json.x86_64  
ruby200-rubygem-psych.x86_64 
ruby200-rubygem-rdoc.noarch  
ruby200-rubygems.x86_64      
ruby200-runtime.x86_64

It absolutely sucks! And it does it just the same every time I attempt to do something new without reading first the instruction to use! Well, what else can I say but – it is so entertaining!
Let’s start cleaning my own mess.

# yum -y remove ruby200 ruby200-ruby-libs ruby200-runtime

Next, I spent several minutes reading this link – http://developers.redhat.com/products/softwarecollections/get-started-rhel7-ruby/

I proceed anew, with the freshly acquired knowledge:

# yum install rh-ruby22

For this process to work, the host has to subscribe to the rhel-x86_64-server-optional-6 channel of your spacewalk/satellite or rhn. For RHEL 7 the 6 in the repo name changes to 7.
Now, I will use scl (Setup and run software from Software Collection environment) to enable and to add the just installed RH-Ruby 2.2 to my environment.

# scl enable rh-ruby22 bash

Next, the ultimate test – do I have irb or not?

# irb
irb(main):001:0> puts "Hello, Red Hat Developers World from Ruby " + RUBY_VERSION
Hello, Red Hat Developers World from Ruby 2.2.2
=> nil
irb(main):002:0> quit

Sweet! I have what I need to continue reading the “Computer Science Programming Basics with RUBY” by Ophir Frieder, Gideon Frieder, and David Grossman. Well, it is time to turn another page.

Posted in Linux.



Is this errata applicable to my host or not?

How do you check whether a given erratum is applicable to a host? On RHEL6, make sure that yum-plugin-security is installed (it is part of yum in RHEL7).

# yum -y install yum-plugin-security 

Next with the errata label in hand, for example CVE-2016-0728, execute:

# yum updateinfo info --cve CVE-2016-0728
Loaded plugins: aliases, changelog, presto, refresh-packagekit, rhnplugin, security, tmprepo, ulninfo, verify,
: versionlock
This system is receiving updates from ULN.
CVE "CVE-2016-0728" not found applicable for this system 
updateinfo info done

To install only a particular errata or CVE, for example:

# yum -y update --cve CVE-2012-3954
# yum -y update --advisory ELSA-2012-1141

Posted in LINUX.



OpenSCAP for Oracle Linux 6

SCAP addresses the security and vulnerability aspect of host existence. Lately you can get for free the same tools others charge for to scan a host and list its missing patches or known vulnerabilities.
You start by installing the required rpms from the Oracle network.

# yum -y install openscap openscap-utils scap-security-guide

Next, download and unpack Oracle’s OVAL definitions for all errata from ULN.

# wget \
-q -N http://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2
# bzip2 -d -f com.oracle.elsa-all.xml.bz2

I actually download the errata daily to be certain I always have the current ones.

At this time, you can “scan” your host for known patches as follows:

# oscap oval eval --results elsa-results-oval.xml \
--report $Destination/`hostname -s`-PatchingReport.html \
com.oracle.elsa-all.xml

The next command generates a list of all known vulnerabilities affecting the host.

# oscap xccdf eval --profile server \
--results $Destination/`hostname -s`-Venerability.xml \
--report $Destination/`hostname -s`-VenerabilityReport.html --cpe \
/usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml

This one creates a manual (good reading indeed) explaining the nature of vulnerabilities and how to fix them.

# oscap xccdf generate guide --profile server \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml > \
$Destination/`hostname -s`-SecurityGuide.html

In my case, the “$Destination” variable points to an http server public directory which provides me with a single place from where I can view all this information.
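
The OVAL scan above produces an HTML report for a human; for a scheduled job it helps to turn the results file into an exit code. Added example, not from the original post: the hypothetical oval_ids and patch_gate functions read elsa-results-oval.xml with text tools, assuming oscap writes each evaluated definition as a `<definition definition_id=... result=...>` element. A patch definition that evaluates to true means the erratum is not yet applied on the host.

```shell
#!/bin/sh
# Added example: gate on an OVAL results file written by "oscap oval eval".
# oval_ids and patch_gate are hypothetical helpers; the text-based parsing
# assumes each evaluated definition appears as
#   <definition definition_id="..." result="..." ...>

# oval_ids FILE RESULT: print the ids of definitions with the given result.
# RESULT is used as a grep pattern, so '[a-z ]*' matches any result value.
oval_ids() {
    # Put every tag on its own line so the match does not depend on indentation
    # or on attributes being wrapped across lines.
    tr '\n' ' ' < "$1" | tr '>' '\n' |
        grep '<definition[[:space:]]' |
        grep "result=\"$2\"" |
        sed -n 's/.*definition_id="\([^"]*\)".*/\1/p' |
        sort -u
}

# patch_gate FILE
#   0  definitions were evaluated and none is true (nothing to patch)
#   1  at least one patch definition is true (erratum missing); ids on stdout
#   2  no usable results, or a definition ended in error/unknown
patch_gate() {
    [ -s "$1" ] || { echo "no results file: $1" >&2; return 2; }
    # A file without any evaluated definition is a failed scan, not a clean host.
    [ -n "$(oval_ids "$1" '[a-z ]*')" ] || { echo "no definitions in $1" >&2; return 2; }
    undecided=$(oval_ids "$1" error; oval_ids "$1" unknown)
    if [ -n "$undecided" ]; then
        echo "undecided definitions:" $undecided >&2
        return 2
    fi
    missing=$(oval_ids "$1" true)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# In the scan job, after the oscap command:
#   patch_gate elsa-results-oval.xml || echo "host needs attention"
```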

Posted in Linux.



Network issues after NIC change (RHEL7.2) …..

A guest had to be “relocated” to the DMZ, which in reality meant changing its NIC and giving it a new IP/Netmask/Router. But there was no network adapter “inside” the guest…. The ip a command showed only the loopback adapter and nothing else. In /etc/sysconfig/*scripts, there was the file for an ifcfg-eno* adapter with correct values inside but no usable network connectivity.

Just by pure luck (I really had no idea what to change) this situation was resolved by editing the /etc/default/grub file and appending net.ifnames=0 biosdevname=0 to the kernel parameters line as shown below (the whole file is shown).

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rootvg/vol01 rd.lvm.lv=rootvg/swap rd.lvm.lv=rootvg/vol07 net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"

Attention: in the real file every entry is a single line, including the long GRUB_CMDLINE_LINUX entry, even where a listing like the one above is displayed wrapped onto two lines!

The last “edits” were enabled by executing this command.

# grub2-mkconfig -o /boot/grub2/grub.cfg

Lastly the ifcfg-eno* file was moved to ifcfg-eth* and the guest rebooted.

After the reboot, the host had a working eth0 adapter and everything was OK again.

I do not think, that this is the real solution. I think, the lack of the eno16780032 device and the lack of luck of bringing it on-line is still an unresolved issue….. I just found a way around the issue.

Posted in Linux.



Setting NFS server on RHEL and ULN 6..

Trying to set up an NFS server may turn out to be an unnecessary “excitement” if you forget that on some LINUXes (like RHEL, Centos, ULN version 6 and above) portmap no longer exists, because it is now part of, and controlled by, the rpcbind service…..

# service portmap start
portmap: unrecognized service

An NFS server can be configured and activated as long as these two rpms are loaded:

# rpm -qa | grep nfs
nfs-utils-lib-1.1.5-11.el6.x86_64
nfs-utils-1.2.3-64.el6.x86_64

All that needs to be done are the following steps.

# service rpcbind start
Starting rpcbind:                                          [  OK  ]
#
# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]

To start NFS services at the boot time, we need to make it known with the next two commands.

# chkconfig rpcbind on
# chkconfig nfs on

Well, you have to designate a file system that you will be exporting and edit the /etc/exports followed by execution of the command exportfs -a. On the client, you should be able to “see” this file system executing the command showmount -e nfs_servername where the last is the name or IP address of the nfs server you will be exporting from.

Posted in LINUX.





Copyright © 2015 - 2016 Waldemar Mark Duszyk. - best viewed with your eyes.. Created by Blog Copyright.