

sssd, kerberos, AD mixed case login names

For reasons unknown, any mixed-case login name (for example JamesBond) is no longer allowed access to a LINUX host. Yes, it used to work, but now it does not. In the past this issue was dealt with by the presence of the following entry in the /etc/sssd/sssd.conf file:

case_sensitive = False

Today, someone discovered that if this line is removed the ability for the mixed case logins returns!

Ansible to the rescue!

A new group (named scom) containing the appropriate hosts is entered into the file /etc/ansible/hosts, followed by these two “statements”:

# ansible -a "sed -i -e '/case_sensitive = False/d' /etc/sssd/sssd.conf" scom

# ansible -a "service sssd restart" scom

A few hours of work compressed into a minute or two – thanks Ansible!

Posted in LINUX.



mailx stopped working……

No, email stopped working. No notifications from cron-executed jobs, no emails from the command line, no emails at all. I also noticed that the “-v” option stopped working: no more “verbose” output. Well, it used to work before.

I added the following two lines to the file /etc/mail.rc:

[root@marcopolo etc]# tail -4 mail.rc
#### WMDUSZYK 11/3/16
set smtp=mailrouter.wmd.edu
set from=marcopolo.wmd.edu

The first line defines our mail server and the second one the host with broken mail, aka “marcopolo”. When editing this file, make sure that there are no spaces around the = character. Also, verify name resolution of the host.

[root@marcopolo etc]#  host 10.18.51.109
109.51.18.10.in-addr.arpa domain name pointer marcopolo.wmd.edu.
[root@marcopolo etc]# host marcopolo.wmd.edu.
marcopolo.wmd.edu has address 10.18.51.109

Next, the test.

[root@marcopolo etc]# mailx -v -s "test" duszyk@chop.edu<<EOF
> test
> EOF
Resolving host mailrouter.chop.edu . . . done.
Connecting to 10.20.134.33 . . . connected.
220 xxxxxxxxx.wmd.edu Microsoft ESMTP MAIL Service, Version: 8.5.9600.16384 ready at  Thu, 3 Nov 2016 10:26:55 -0400
>>> HELO marcopolo.wmd.edu
250 xxxxxx.wmd.edu Hello [10.20.134.1]
>>> MAIL FROM:<marcopolo.wmd.edu>
250 2.1.0 marcopolo.wmd.edu@xxxxxxxxx.wmd.edu....Sender OK
>>> RCPT TO:<duszyk@wmd.edu>
250 2.1.5 duszyk@wmd.edu
>>> DATA
354 Start mail input; end with <CRLF>.<CRLF>
>>> .
250 2.6.0 <xxxxxxxxxJnagT4Nfjs000045e8@xxxxxxxxx.wmd.edu> Queued mail for delivery
>>> QUIT
221 2.0.0 xxxxxxxxx.wmd.edu Service closing transmission channel

We are back in business.

Posted in LINUX.



add user with ansible

A quick and dirty one: add a user (svc_lawprod), set its password (abc123) and age it so it must be changed at the first login.

---
- hosts:
  remote_user:

  tasks:

   - name: create user
     shell: useradd -d /home/svc_lawprod -m -u 22800 -c 'Lawson service account' -g lawson -p `openssl passwd abc123` svc_lawprod

   - name: force password reset at 1st login
     shell: chage -d 0 svc_lawprod 
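
The same account creation with the password kept out of the playbook text and out of the process list, as an added example that is not from the original post. The `hosts: all` pattern, the variable `svc_lawprod_password` and the file names in the comment are assumptions; with the OpenSSL 1.0.x releases of the time, `openssl passwd` without options produces a traditional crypt hash that only uses the first 8 characters, so this version hashes with SHA-512 instead.

```yaml
---
# Added example, not the post's playbook. Assumptions: the target pattern,
# and a variable svc_lawprod_password supplied from an Ansible Vault file
# (hypothetical names: ansible-playbook adduser.yml -e @vault.yml --ask-vault-pass).
- hosts: all
  remote_user: root

  tasks:
    - name: check whether the account already exists
      getent:
        database: passwd
        key: svc_lawprod
        fail_key: false            # a missing user yields None instead of a failure

    - name: create service account with a SHA-512 crypt hash
      user:
        name: svc_lawprod
        uid: 22800
        group: lawson
        comment: Lawson service account
        home: /home/svc_lawprod
        create_home: yes
        password: "{{ svc_lawprod_password | password_hash('sha512') }}"
        update_password: on_create   # re-runs never reset an existing password
      no_log: true                   # keep the hash out of logs and -v output

    - name: force password change at first login, only for a newly created account
      command: chage -d 0 svc_lawprod
      when: getent_passwd['svc_lawprod'] is none
```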

Posted in LINUX.



deploying nxlog with ansible

Download and install “nxlog” and provide it with a “customized” version of the “/etc/nxlog.conf” file. First, the playbook, which will execute only if the host’s operating system is RHEL ver. 6:

---
- hosts: 
  remote_user:

  tasks:

   - name: download nxlog 
     yum: name=https://nxlog.co/system/files/products/files/1/nxlog-ce-2.9.1716-1_rhel6.x86_64.rpm state=installed
     notify: StartNxLog
     when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6'"

   - name: StartNxLog
     include: /root/playbooks/StartNxLog

The contents of the “include:” file “/root/playbooks/StartNxLog”

- name: copy config file
  copy: src=/root/playbooks/nxlog.conf dest=/etc/nxlog.conf owner=root group=root mode=664

- name: set nxlog service to start at boot and now
  service: name=nxlog enabled=yes state=started

Posted in LINUX.



/etc/rsyslog.conf edits with ansible

The host called “wmd1” used to be the remote logger for all the LINUX boxes in the “left” data center. In the “right” data center it was “wmd2”. For whatever reason its replacement in the “left” data center is now called “wmd7”. The rest is an Ansible playbook allowing for mass edits across all the “left” boxes.

- hosts:
  remote_user: root

  tasks:
   - name: copy /etc/rsyslog.conf to /etc/rsyslog.conf.OLD
     copy: src=/etc/rsyslog.conf dest=/etc/rsyslog.conf.OLD force=no

   - name: replace the name of remote logger or insert it if missing
     shell: grep .*wmd.*\.wmd.edu /etc/rsyslog.conf && sed --in-place 's/wmd.*\.wmd.edu/wmd7.wmd.edu/' /etc/rsyslog.conf || echo '*.* @@wmd7.wmd.edu:1515' >> /etc/rsyslog.conf ; service rsyslog restart

The shell line is one long line – there are no folding characters above.
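
The same replace-or-append edit expressed with `lineinfile`, as an added example that is not the post's playbook. The inventory group name `left` is an assumption, and the pattern is deliberately narrower than the `sed` expression above: it only touches an uncommented TCP forwarding rule.

```yaml
---
# Added example, not the post's playbook. Assumption: an inventory group
# named "left" holds the hosts of the "left" data center.
- hosts: left
  remote_user: root

  tasks:
    - name: point rsyslog at wmd7, replacing the old forwarder line or appending one
      lineinfile:
        path: /etc/rsyslog.conf
        # match only an uncommented "*.* @@wmd<N>.wmd.edu[:port]" rule, not any
        # other line that happens to mention a wmd host
        regexp: '^\*\.\*\s+@@wmd\d+\.wmd\.edu(:\d+)?\s*$'
        line: '*.* @@wmd7.wmd.edu:1515'
        backup: yes                       # timestamped copy of the previous file
        validate: 'rsyslogd -N1 -f %s'    # refuse to install a config that fails the syntax check
      notify: restart rsyslog

  handlers:
    # runs once per host, and only when the line was actually changed
    - name: restart rsyslog
      service:
        name: rsyslog
        state: restarted
```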

Posted in Linux, LINUX.



copying files among hosts with ansible

How to copy one file from one machine to a set of hosts? Under the ahd label, there is a group of hosts in /etc/ansible/hosts.

[ahd]
host1
host2
host3

There is a host called sysmgttl1 with a file /etc/testWMD that we want to copy to every host in the ansible ahd group.
This task is easily accomplished with a playbook with the following content:

- hosts: ahd
  tasks:
    - name: Transfer file from sysmgttl1 to hosts in the ahd group
      synchronize:
        src: /etc/testWMD
        dest: /etc/testWMD
      delegate_to: sysmgttl1

Our playbook is called ehd_sync

# ansible-playbook ehd_sync
 ____________
< PLAY [ahd] >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
 ______________
< TASK [setup] >
 --------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
ok: [host1]
ok: [host2]
ok: [host3]
______________________________________________
< TASK [Transfer file from ServerA to ServerB] >
 ----------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

changed: [host1 -> sysmgttl1]
changed: [host3 -> sysmgttl1]
changed: [host2 -> sysmgttl1]
 ____________
< PLAY RECAP >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

host1          : ok=2    changed=1    unreachable=0    failed=0
host2          : ok=2    changed=1    unreachable=0    failed=0
host3          : ok=2    changed=1    unreachable=0    failed=0

To check/validate:

# ansible -a "ls -l /etc/testWMD" ahd
host1 | SUCCESS | rc=0 >>
-rw-r--r-- 1 root root 0 Oct  7 14:17 /etc/testWMD
host2 | SUCCESS | rc=0 >>
-rw-r--r-- 1 root root 0 Oct  7 14:17 /etc/testWMD
host3 | SUCCESS | rc=0 >>
-rw-r--r-- 1 root root 0 Oct  7 14:17 /etc/testWMD

Posted in Linux.



ansible cont.

This time, a user (wmd) needs to have in his home directory (several hosts need this treatment) a very specific file with equally specific content and permissions. Ansible playbook code for today:

---
- hosts: jam

  tasks:
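   # write the single principal allowed to log in as this user
   - name: edit ~wmd/k5login
     shell: echo 'E_wmd@CHOP.EDU' > /home/e_wmd/.k5login
   # the file must belong to the user and not be writable by others
   - name: set ownership and mode of .k5login
     file: path=/home/e_wmd/.k5login owner=e_wmd group=wmd mode=0644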

To execute this specific playbook:

# ansible-playbook wmd.yml

This effort was required by the lack of consistency in user definitions in AD. Often you can fix something faster than the one who owns it. 🙂

Posted in LINUX.



AIX/PowerHA – cannot remove caavg_private disk (change pvid of a disk)

Another chapter in storage migration. Previously XIV delivered all disks; currently it is VSP. A VSP disk had to replace the caa private disk in order to complete the migration. This process, built around the procedure from one of my previous posts (search this blog for “CAA_FORCE_ENABLED=1”), kept failing, and eventually, being limited by time, all XIV disks were removed from the cluster nodes. The HA ODM still showed the original caa disk's PVID when queried, and the cluster would not sync or operate.

The PVID from the new caa candidate disk was removed and replaced with the PVID of the original caa disk. Next, both nodes have been rebooted, cluster synced and the peace returned to the cluster!

# lspv
hdisk1          00f660fd7411a5f3              rootvg          active
hdisk0          00f660fdc7e49dad              rootvg          active
hdisk10         00f660fd67ab3d30              lawappqa_vg
hdisk11         00f660fd67ab42ed              lawappqa_vg
hdisk12         00f660f667cb1f64              None
hdisk13         00f660f667cb1e16              None
hdisk14         00f660fd67ab4665              lawappqa_vg
hdisk15         00f660fd67ab4916              lawappqa_vg
hdisk16         00f660f667cb13bf              None
hdisk17         00f660f667cb0f0e              None

The last disk (hdisk17) will be the new caa disk; we will clean its pvid (on all cluster nodes!).

# chdev -l hdisk17 -a pv=clear

The original disk pvid was “00f660fde083fb16”. Now it will be assigned to hdisk17 (done on the primary node).

# perl -e 'print pack("H*","00f660fde083fb16");' >/tmp/pvid
# cat /tmp/pvid | dd of=/dev/hdisk17 bs=1 seek=128
# rmdev -dl hdisk17
# shutdown -Fr

After the reboot (which really was not needed as cfgmgr could be used instead).

# lspv
hdisk1          00f660fd7411a5f3               rootvg          active
hdisk0          00f660fdc7e49dad               rootvg          active
hdisk10         00f660fd67ab3d30               lawappqa_vg
hdisk11         00f660fd67ab42ed               lawappqa_vg
hdisk12         00f660f667cb1f64               None
hdisk13         00f660f667cb1e16               None
hdisk14         00f660fd67ab4665               lawappqa_vg
hdisk15         00f660fd67ab4916               lawappqa_vg
hdisk16         00f660f667cb13bf               None
hdisk2          00f660fde083fb16               caavg_private   active
# /usr/es/sbin/cluster/utilities>./clmgr sync cluster

Notice that hdisk17 has morphed into hdisk2, which is normal. Now, let’s start the cluster and watch it run.

Today, scouting the Web, I found another way of changing an AIX disk's PVID token; see below for a neat script (I have not tested it).

#!/usr/bin/ksh
PVID=$1
DISK=$2
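# convert each two-hex-digit byte of the PVID to octal for echo's \0nnn escapes
set -A a `echo $PVID | \
awk ' {
for (f=1; f <= length($0); f=f+2) { print "ibase=16\nobase=8\n"toupper(substr($0,f,2)) } }' | \
bc 2>/dev/null`
# write the 8 PVID bytes followed by 8 zero bytes at offset 128 of the disk
/usr/bin/echo "\0"${a[0]}"\0"${a[1]}"\0"${a[2]}"\0"${a[3]}"\0"${a[4]}"\0"${a[5]}"\0"${a[6]}"\0"${a[7]}"\0\0\0\0\0\0\0\0\c" | dd bs=1 seek=128 of=/dev/$DISK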

Posted in LINUX.



Device eth0 does not seem to be present – RHEL7.2

While trying to get the WiFi NIC running on a laptop, its eth0 interface disappeared: “Device eth0 does not seem to be present”. This host, while built by KickStart, had its NIC labeled as ETH0, which is not the “native” way for RHEL7, so after a while of fruitless efforts I started to look for it under a different name.

To determine the location code of all network devices:

#  lspci | grep -i net
00:19.0 Ethernet controller: Intel Corporation 82567LM Gigabit Network Connection (rev 03)
03:00.0 Network controller: Intel Corporation Ultimate N WiFi Link 5300

To locate these devices:

# cd /sys/class/net
# ls -la
total 0
lrwxrwxrwx  1 root root 0 Sep 28 08:23 docker0 -> ../../devices/virtual/net/docker0
lrwxrwxrwx  1 root root 0 Sep 28 08:13 enp0s25 -> ../../devices/pci0000:00/0000:00:19.0/net/enp0s25
lrwxrwxrwx  1 root root 0 Sep 28 08:13 lo -> ../../devices/virtual/net/lo
lrwxrwxrwx  1 root root 0 Sep 28 08:13 virbr0 -> ../../devices/virtual/net/virbr0
lrwxrwxrwx  1 root root 0 Sep 28 08:13 virbr0-nic -> ../../devices/virtual/net/virbr0-nic
lrwxrwxrwx  1 root root 0 Sep 28 08:13 wls1 -> ../../devices/pci0000:00/0000:00:1c.1/0000:03:00.0/net/wls1

The last listing indicates that eth0 is now called enp0s25.

# cd /etc/sysconfig/*scripts
# mv ifcfg-eth0 ifcfg-enp0s25
# systemctl restart network

This fixes it and the host is again accessible from the “outside” 🙂

Posted in LINUX.


Spacewalk2.2 db password expired

Satellite 2.2 servers started to send mails containing the following text:

Frame initDB in /usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/__init__.py at line 117
username = spacewalk
e = (28001, 'ORA-28001: the password has expired\n', 'spacewalk@//localhost/spacedb', 'Connection_Connect(): begin session')

It seems that the “spacewalk” user password has expired. Follow the text below to validate it and eventually to change it.

# su - oracle
$ sqlplus / as SYSDBA
SQL> select username, account_status, created, lock_date, expiry_date
 from dba_users
where account_status != 'OPEN';
USERNAME
--------------------------------------------------------------
SPACEWALK
EXPIRED                          12-MAR-16           15-SEP-16

SQL> alter user spacewalk identified by abc123;

SQL> select username, account_status, created, lock_date, expiry_date
 from dba_users
where account_status = 'OPEN';

USERNAME
--------------------------------------------------------------
ACCOUNT_STATUS                   CREATED   LOCK_DATE EXPIRY_DA
-------------------------------- --------- --------- ---------
SPACEWALK
OPEN                             12-MAR-16           25-MAR-17
SQL> bye

Posted in LINUX.





Copyright © 2016 - 2017 Waldemar Mark Duszyk. All Rights Reserved.