

ansible dynamic inventory from Satellite 5.8

This is a bash example (SatAnsInv.bash):

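#!/bin/bash
### W.M. Duszyk 12/8/17
# Ansible dynamic inventory built from Satellite system groups via spacecmd.
# Note: --nossl disables SSL, so the spacecmd session (login included) is not encrypted.

# Ansible calls the script with "--host <name>" for per-host variables; none are provided.
if [ "$1" == "--host" ]
  then
    echo '{}'
    exit 0
fi
jhosts="{"

for HostGroup in $(/usr/bin/spacecmd --nossl group_list -q)
do
  # JSON needs quoted keys and strings, and no comma after the last list item.
  jhosts="$jhosts \"$HostGroup\": ["
  sep=""
  for host in $(/usr/bin/spacecmd --nossl group_listsystems "$HostGroup" -q)
    do
        jhosts="$jhosts$sep\"$host\""
        sep=","
    done
  jhosts="$jhosts],"
done

jhosts="$jhosts \"_meta\": { \"hostvars\": {}}}"
# Print the result as data, not as a printf format string.
printf '%s\n' "$jhosts"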

To use it with all hosts registered with Satellite server:

# ansible all -i ./SatAnsInv.bash -m ping

If you have a host group defined under the name of “Unmanaged”:

# ansible Unmanaged -i ./SatAnsInv.bash -m ping

Satellite access info (its hostname, login name and password) is stored in the file ./.spacecmd/configure.

Posted in LINUX, Satellite, scripts.



re-enable “EPEL” repos

Trying to run the yum update and failing with the following message:

warning: /var/cache/yum/x86_64/7Server/prodclone-epel_repo_rhel7_x86_64/packages/R-core-3.3.3-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for R-core-3.3.3-1.el7.x86_64.rpm is not installed

The last line explains what is needed – the key, so let's get it for the current version of RedHat (RH7):

# rpm -ivh https://mirrors.cat.pdx.edu/epel/7/x86_64/e/epel-release-7-9.noarch.rpm

No problems any more….. or, if they are still present:

For RHEL 7:

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

For RHEL 6:

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

Followed with

# yum -y install ./epel-release-latest-*.noarch.rpm

Posted in LINUX.


mount WIN cifs home directory on RedHat box

My WIN home folder, which is defined as //wmd.edu/personalshare/HD3/duszyk, “follows” me wherever I go and attaches itself to whatever WIN contraption I log in to. Now, I want it to be present on a LINUX box as well.
So, I make this entry into the /etc/fstab

\\wmd.edu\personalshare\HD3\duszyk /home/wmd   cifs  _netdev,username=duszyk,dir_mode=0755,file_mode=0755,uid=923810,gid=216

Executing the mount command triggers a request for my password which, if correct, allows the share to be mounted as /home/wmd.

For a normal user the mount has to be run with sudo, and I suggest including it in the .bashrc and the umount of the share in the .bash_logout as well.

Posted in LINUX.


update Ansible to the latest…

# mkdir ansible; cd ansible
# git clone https://github.com/ansible/ansible.git --recursive
# cd ansible
# git submodule update --init --recursive
# make install
# ansible --version
ansible 2.4.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/usr/share/ansible']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible-2.4.0-py2.7.egg/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

Posted in LINUX.



xming, putty, linux

A few steps are required on both the linux and the putty side.

a. Install the following package if it is not present.

# yum -y install xorg-x11-xauth

b. Enable X11 forwarding in /etc/ssh/sshd_config

X11Forwarding yes

c. In putty check that SSH-> X11-> X11Forwarding is enabled and MIT-Magic-Cookie-1 is set.

d. On the laptop side, start Xming and putty into your linux box. Do not set DISPLAY! All is ready to go.

Posted in LINUX.



synchronize channels of Oracle SpaceWalk server

Busy day today….

To list Oracle Public Yum repo channels associated with a given SpaceWalk server, execute

# spacewalk-repo-sync -l

To upgrade / synchronize contents of these channels, execute

for repo in `spacewalk-repo-sync -l | grep http | awk -F '|' '{print $1}'`
 do
 spacewalk-repo-sync -c $repo
done

and wait for this loop to finish…..

To synchronize a channel with a ULN repository, use the spacewalk-repo-sync -t uln command, and use the -c option to specify the channel label, for example:

# spacewalk-repo-sync -t uln -c ksplice-ol6-x86_64

Posted in LINUX.



mounting cifs with RedHat

To mount a cifs share, verify that these packages are installed:

	cifs-utils-4.8.1-20.el6.x86_64
	keyutils-1.4-5.el6.x86_64
	keyutils-libs-1.4-5.el6.x86_64

Check that the following entry exists in /etc/request-key.conf

create  dns_resolver    *       *      /usr/sbin/cifs.upcall %k

Finally, mount the share using the login/password associated with it:

# mount -t cifs  //wmd.edu/someshare /someLocalMount \
               -o username=Name,password=Password

Posted in Linux.



encrypted password in sssd.conf

Currently, the password of the “AD search only” account in the /etc/sssd/sssd.conf is not encrypted.

ldap_default_authtok_type = password
ldap_default_authtok = ^Marco$Polo2011$

To change this situation and to encrypt it, follow these steps:

# yum -y install sssd-tools

# sss_obfuscate -d WMD.EDU
Enter password - ^Marco$Polo2011$
Enter again = ^Marco$Polo2011$ 

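The last command modifies the file, changing the following two entries. Per the sss_obfuscate man page this is obfuscation that can be reversed rather than real encryption, so sssd.conf still has to stay readable by root only.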

ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = AAAQALnUQMEhhj7/reDfWBkSbUrOCvfxuOwJfdOXFxGzUoGS8zOZWCP5jC4BqvcFkBk8q

Posted in LINUX.



uninstalled public key kills yum update……..

Trying to do yum -y update and instead of success these messages show up:

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Public key for unbound-libs-1.5.1-1.el6.x86_64.rpm is not installed

The package might not necessarily be the same as shown above. A quick way to success is the following one, which skips the GPG signature check for every package in the transaction:

# yum update --nogpgcheck
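
A way to keep signature checking on, as an added example that is not part of the original post: the script pulls the key IDs out of the NOKEY warnings (the two quoted on this page serve as sample input) and asks rpm whether each key is imported. The function names are this example's own; a key reported as missing is then imported from the repository vendor with rpm --import.

```shell
#!/bin/sh
# Added example: list the signing keys a failed yum run is missing.

# Sample input: the NOKEY warnings quoted in the two posts on this page.
SAMPLE_LOG='warning: /var/cache/yum/x86_64/7Server/prodclone-epel_repo_rhel7_x86_64/packages/R-core-3.3.3-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for R-core-3.3.3-1.el7.x86_64.rpm is not installed
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Public key for unbound-libs-1.5.1-1.el6.x86_64.rpm is not installed'

# Read yum output on stdin; print each distinct key ID from a NOKEY warning.
missing_key_ids() {
    sed -n 's/.*[Kk]ey ID \([0-9A-Fa-f]\{8\}\): NOKEY.*/\1/p' |
        tr 'A-F' 'a-f' | sort -u
}

# rpm records every imported public key as a pseudo-package named
# gpg-pubkey-<keyid>-<timestamp>, so "rpm -q" shows whether a key is trusted.
key_status() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "unknown"          # not an rpm-based host
    elif rpm -q "gpg-pubkey-$1" >/dev/null 2>&1; then
        echo "installed"
    else
        echo "missing"
    fi
}

# Read yum output on stdin; print "<keyid> <status>" per missing-key warning.
report() {
    missing_key_ids | while read -r id; do
        printf '%s %s\n' "$id" "$(key_status "$id")"
    done
}

printf '%s\n' "$SAMPLE_LOG" | report
```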

Posted in LINUX.


Configure UBUNTU/Debian/RH for ActiveDirectory authentication with SSSD

a. Start with checking if the pam_ldap package is installed and remove it if it is.

# apt-get remove pam_ldap

b. Install sssd

# apt-get install sssd libpam-sss libnss-sss sssd-tools

c. Edit /etc/sssd/sssd.conf. In my case, this file has the following content.

[sssd]
config_file_version = 2
services = nss, pam
domains = WMD.EDU
debug_level = 9

[domain/WMD.EDU]
debug_level=3
ldap_id_use_start_tls = False
cache_credentials = False
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_force_upper_case_realm = True
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_gecos = displayName
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = sAMAccountName

ldap_user_home_directory = unixHomeDirectory
ldap_uri = ldap://linuxldap.wmd.edu/
ldap_search_base = dc=wmd,dc=edu
ldap_user_search_base = OU=Secured,OU=Corporate Users,DC=wmd,DC=edu
ldap_user_search_base = OU=Managed By Others,DC=wmd,DC=edu
ldap_user_search_base = OU=Shared,OU=Corporate Users,DC=wmd,DC=edu
ldap_user_search_base = OU=ServiceAccounts,OU=Corporate Servers,DC=wmd,DC=edu
ldap_group_search_base = ou=Unix,ou=Security Groups,ou=Corporate Groups,dc=wmd,dc=edu
ldap_default_bind_dn = CN=aixldapquery,OU=ServiceAccounts,OU=Corporate Servers,DC=wmd,DC=edu
ldap_default_authtok_type = password
ldap_default_authtok = **********
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_referrals = false

krb5_realm = WMD.EDU
krb5_kpasswd = kerberos.wmd.edu
krb5_server = kerberos.wmd.edu
krb5_canonicalize = False

[pam]
offline_credentials_expiration = 0

where ********** is the password of the aixldapquery account, which queries AD on behalf of the user logging in.

d. While in /etc/sssd, edit permissions of the sssd.conf – this is important, otherwise the service will not start!

# chmod 0600 sssd.conf

e. Verify that the following files in /etc/pam.d contain the entries shown.

/etc/pam.d/common-auth
auth	[success=1 default=ignore]	pam_sss.so use_first_pass
/etc/pam.d/common-session
session	required        pam_mkhomedir.so umask=0022 skel=/etc/skel
session	optional	pam_sss.so
/etc/pam.d/common-password
password	sufficient	pam_sss.so use_authtok

f. Absolutely remove/comment out the following line in /etc/pam.d/common-account. Otherwise no AD defined user will be able to log in.

account  [default=bad success=ok user_unknown=ignore]  pam_sss.so

g. Set the sssd service to start on reboot

# systemctl enable sssd

h. Restart sssd and you are ready to go.

# systemctl restart sssd

The following command can be very useful when troubleshooting sssd issues.

# sudo sssd -d9 -i
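
An added example, not part of the original post: a small audit of an sssd.conf for the settings from steps c and d that decide how the bind account's password is exposed (ldap:// without StartTLS, the authtok type, the file mode). The function names, finding labels and both sample files are constructed for this illustration.

```shell
#!/bin/sh
# Added example: flag the transport and secret-storage settings of an sssd.conf.

# Print the value of option $2 in file $1 (last assignment wins, comments skipped).
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

# Print one finding per line; print nothing when the file passes all checks.
audit_sssd_conf() {
    uri=$(conf_get "$1" ldap_uri)
    tls=$(conf_get "$1" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    dn=$(conf_get "$1" ldap_default_bind_dn)
    tok=$(conf_get "$1" ldap_default_authtok_type)
    # ldap:// without StartTLS sends the bind account's password unencrypted.
    if [ -n "$dn" ] && [ "${uri#ldap://}" != "$uri" ] && [ "$tls" != "true" ]; then
        echo "CLEARTEXT_BIND"
    fi
    # "password" (also the default when unset) stores the secret verbatim.
    if [ -n "$dn" ] && [ "${tok:-password}" = "password" ]; then
        echo "PLAINTEXT_AUTHTOK"
    fi
    # The post requires mode 0600; anything wider exposes the bind secret.
    if [ "$(ls -ld "$1" | cut -c1-10)" != "-rw-------" ]; then
        echo "LOOSE_MODE"
    fi
    return 0
}

# Constructed samples: "weak" mirrors the post's settings, "hard" tightens them.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/weak.conf" <<'EOF'
[domain/WMD.EDU]
ldap_id_use_start_tls = False
ldap_uri = ldap://linuxldap.wmd.edu/
ldap_default_bind_dn = CN=aixldapquery,OU=ServiceAccounts,OU=Corporate Servers,DC=wmd,DC=edu
ldap_default_authtok_type = password
EOF
chmod 0644 "$DEMO_DIR/weak.conf"
sed -e 's/= False/= True/' -e 's/= password/= obfuscated_password/' \
    "$DEMO_DIR/weak.conf" > "$DEMO_DIR/hard.conf"
chmod 0600 "$DEMO_DIR/hard.conf"
echo "weak: $(audit_sssd_conf "$DEMO_DIR/weak.conf" | tr '\n' ' ')"
echo "hard: $(audit_sssd_conf "$DEMO_DIR/hard.conf" | tr '\n' ' ')"
```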

Posted in LINUX.




Copyright © 2016 - 2017 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.