Yay I passed the EX436 Red Hat Enterprise Storage Management !
https://www.redhat.com/wapps/training/certification/verify.html?certNumber=111-207-403&isSearch=False&verify=Verify
Post 1 – http://www.guldmyr.com/blog/red-hat-clustering-and-storage-management-course-objectives/ Where I checked out udev, multipathing, iscsi, LVM and xfs.
This post is about using luci/ricci to get a Red Hat cluster working, but not on a RHEL machine because sadly I do not have one available for practice purposes. So CentOS64 it is. Using openstack for virtualization.
Topology: Four hosts on all three networks, -a, -b and internal. Three cluster nodes and one management node.
Get the basic cluster going:
Tests:
Share an iSCSI target between all nodes:
Attending “Red Hat Enterprise Clustering and Storage Management” in August. Quite a few of these technologies I haven’t touched upon before so probably best to go through them before the course.
Initially I wonder how many of these are Red Hat specific, or how many of these I can accomplish by using the free clones such as CentOS or Scientific Linux. We’ll see :) At least a lot of Red Hat’s guides will include their Storage Server.
I used the course content summary as a template for this post; my notes are made within it, below.
For future questions and trolls: this is not a how-to for lazy people who just want to copy and paste. There are plenty of other sites for that. This is just the basics and it might have some pointers so that I know which are the basic steps and names/commands for each task. That way I hope it’s possible to figure out how to use the commands and such by RTFM.
Get an overview of storage and cluster technologies.
Set up and manage iSCSI.
Step 2: Make nodes for the cluster.
Step 3: Setup an iSCSI target on the iSCSI server.
http://www.server-world.info/en/note?os=CentOS_6&p=iscsi
http://www.server-world.info/en/note?os=CentOS_6&p=iscsi&f=2
Step 4: Login to the target from at least two nodes by running ‘iscsiadm’ commands.
Next step would be to put an appropriate file system on the LUN.
Learn basic manipulation and creation of udev rules.
http://www.reactivated.net/writing_udev_rules.html is an old link but just change the commands to “udevadm” instead of “udev*” and at least the sections I read worked the same.
udevadm info -a -n /dev/sdb
Above command helps you find properties which you can build rules from. Only use properties from one parent.
I have a USB key that I can pass through to my VM in VirtualBox, without any modifications it pops up as /dev/sdc.
By looking in the output of the above command I can create /etc/udev/rules.d/10-usb.rules that contains:
SUBSYSTEMS=="usb", ATTRS{serial}=="001CC0EC3450BB40E71401C9", NAME="my_usb_disk"
After “removing” the USB disk from the VM and adding it again the disk (and also all partitions!) will be called /dev/my_usb_disk. This is bad.
By using SYMLINK+="my_usb_disk" instead of NAME="my_usb_disk" all the /dev/sdc devices are kept and /dev/my_usb_disk points to /dev/sdc5. And on next boot it pointed to sdc6 (and before that sg3 and sdc7..). This is also bad.
To make one specific partition with a specific size be symlinked to /dev/my_usb_disk I could set this rule:
SUBSYSTEM=="block", ATTR{partition}=="5", ATTR{size}=="1933312", SYMLINK+="my_usb_disk"
You could do:
KERNEL=="sd*", SUBSYSTEM=="block", ATTR{partition}=="5", ATTR{size}=="1933312", SYMLINK+="my_usb_disk%n"
Which will create /dev/my_usb_disk5 !
This would perhaps be acceptable, but if you ever want to re-partition the disk then you’d have to change the udev rules accordingly.
If you want to create symlinks for each partition (based on it being a usb, a disk and have the USB with specified serial number):
SUBSYSTEMS=="usb", KERNEL=="sd*", ATTRS{serial}=="001CC0EC3450BB40E71401C9", SYMLINK+="my_usb_disk%n"
These things can be useful if you have several USB disks but you always want the disk to be called /dev/my_usb_disk and not sometimes /dev/sdb and sometimes /dev/sdc.
For testing one can use “udevadm test /sys/class/block/sdc”
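A check for the "only use properties from one parent" rule above, as an added example that is not from the original post: `parent_keys_ok` is a hypothetical helper that reads `udevadm info -a` output and reports whether a rule's KERNELS/SUBSYSTEMS/DRIVERS/ATTRS{} keys all sit in one block. The sample output is constructed (only the serial comes from the rules above), and values are compared literally, without glob support.

```shell
#!/bin/sh
# Constructed, trimmed sample of `udevadm info -a -n /dev/sdc` output.
# Device paths and the vendor string are made up; the serial is the one
# used in the rules above.
sample_info() {
cat <<'EOF'
  looking at device '/devices/pci0000:00/usb1/1-1/1-1:1.0/host3/target3:0:0/3:0:0:0/block/sdc':
    KERNEL=="sdc"
    SUBSYSTEM=="block"
    DRIVER==""
    ATTR{removable}=="1"

  looking at parent device '/devices/pci0000:00/usb1/1-1/1-1:1.0/host3/target3:0:0/3:0:0:0':
    KERNELS=="3:0:0:0"
    SUBSYSTEMS=="scsi"
    DRIVERS=="sd"
    ATTRS{vendor}=="ExampleVendor"

  looking at parent device '/devices/pci0000:00/usb1/1-1':
    KERNELS=="1-1"
    SUBSYSTEMS=="usb"
    DRIVERS=="usb"
    ATTRS{serial}=="001CC0EC3450BB40E71401C9"
EOF
}

# parent_keys_ok RULE   (udevadm info -a output on stdin)
# Exit 0 when every KERNELS/SUBSYSTEMS/DRIVERS/ATTRS{} match in RULE is found
# in one and the same block of the output, exit 1 when they are spread over
# several devices (such a rule does not match this device).
# Simplifications: values are compared literally (no * ? [] globs) and the
# rule is split on every comma.
parent_keys_ok() {
    awk -v rule="$1" '
    function check_block(   i, hit) {
        if (!inblock || nwant == 0) return
        hit = 0
        for (i = 1; i <= nwant; i++) if (want[i] in seen) hit++
        if (hit == nwant) ok = 1
    }
    BEGIN {
        n = split(rule, tok, ",")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            gsub(/^[ \t]+|[ \t]+$/, "", t)
            if (t ~ /^(KERNELS|SUBSYSTEMS|DRIVERS|ATTRS[{][^}]+[}])==/) want[++nwant] = t
        }
        ok = (nwant == 0)
    }
    /looking at (parent )?device/ { check_block(); split("", seen); inblock = 1; next }
    inblock {
        line = $0
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        # The plural keys also match the device itself, so its
        # KERNEL/SUBSYSTEM/DRIVER/ATTR{} lines count as KERNELS/... too.
        sub(/^KERNEL==/, "KERNELS==", line)
        sub(/^SUBSYSTEM==/, "SUBSYSTEMS==", line)
        sub(/^DRIVER==/, "DRIVERS==", line)
        sub(/^ATTR[{]/, "ATTRS{", line)
        if (line != "") seen[line] = 1
    }
    END { check_block(); exit(ok ? 0 : 1) }
    '
}

# The per-partition rule from above, and a variant that mixes the scsi
# parent with the usb parent.
for rule in \
    'SUBSYSTEMS=="usb", KERNEL=="sd*", ATTRS{serial}=="001CC0EC3450BB40E71401C9", SYMLINK+="my_usb_disk%n"' \
    'SUBSYSTEMS=="scsi", ATTRS{serial}=="001CC0EC3450BB40E71401C9", SYMLINK+="my_usb_disk%n"'
do
    if sample_info | parent_keys_ok "$rule"; then
        echo "one parent:    $rule"
    else
        echo "mixed parents: $rule"
    fi
done
```

On a real system, pipe `udevadm info -a -n /dev/sdc` into `parent_keys_ok` instead of `sample_info`.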
Combine multiple paths to SAN devices into one fault-tolerant virtual device.
Ah, this one I’ve been in touch with before with fibrechannel, it also works with iSCSI.
multipath is the command. Be wary of devices/multipaths vs. default settings.
Multipathd can be used in case there are actually multiple paths to a LUN (the target is perhaps available on two IP addresses/networks) but it can also be used to set a user_friendly name to a disk, based on its wwid.
Some good commands:
service multipathd status
yum provides */multipath.conf # device-mapper-multipath is the package.
multipath -ll
Copy in default multipath.conf to /etc; reload and hit multipath -ll to see what it does.
After that the Fun begins!
Learn the architecture and component technologies in the Red Hat® High Availability Add-On.
Understand quorum and quorum calculations.
Understand Fencing and fencing configuration.
Understand rgmanager and the configuration of resources and resource groups.
Understand resource dependencies and complex resources.
Understand the use and limitations of 2-node clusters.
http://en.wikipedia.org/wiki/Split-brain_(computing)
Review LVM commands and Clustered LVM (clvm).
Tutonics has a good “ubuntu” guide for LVMs, but at least the snapshot part works the same.
Revert a Logical Volume to the state of the snapshot:
Explore the Features of the XFS® file system and tools required for creating, maintaining, and troubleshooting.
yum provides */mkfs.xfs
yum install quota
XFS Quotas:
mount with uquota for user quotas, mount with uqnoenforce for soft quotas.
use xfs_quota -x to set quotas
help limit
To illustrate the quotas: set a limit for user “user”:
xfs_quota -x -c "limit bsoft=100m bhard=110m user"
Then create two 50M files. While writing the 3rd file the cp command will halt when it is at the hard limit:
[user@rhce3 home]$ cp 50M 50M_2
cp: writing `50M_2': Disk quota exceeded
[user@rhce3 home]$ ls -l
total 112636
-rw-rw-r-- 1 user user 52428800 Aug 15 09:29 50M
-rw-rw-r-- 1 user user 52428800 Aug 15 09:29 50M_1
-rw-rw-r-- 1 user user 10477568 Aug 15 09:29 50M_2
Work with Gluster to create and maintain a scale-out storage solution.
http://chauhan-rhce.blogspot.fi/2013/04/gluster-file-system-configuration-steps.html
Updates to the Red Hat Enterprise Clustering and Storage Management course
Set up high-availability services and storage.
Passed the exam!
https://www.redhat.com/wapps/training/certification/verify.html?certNumber=111-207-403
In a previous post while preparing for RHCSA I installed kvm post-installation, via the GUI.
But how to install, configure and use it only from the CLI?
http://virt-manager.org/page/Main_Page has some details
As a test-machine I’m using a server with Scientific Linux 6.2 (with virtualization enabled as seen by ‘cat /proc/cpuinfo|grep vmx’).
None of the Virtualization Groups are installed, as seen by ‘yum grouplist’. While doing that you’ll find four different groups. You can use
yum groupinfo "Virtualization Client"
or correspondingly to get more information about the group.
yum groupinstall Virtualization "Virtualization Tools" "Virtualization Platform" "Virtualization Client"
This installs a lot of things. Libvirt, virt-manager, qemu, gnome and python things.
lsmod|grep kvm
service libvirtd start
lsmod|grep kvm
This also sets up a bridge-interface (virbr0).
Now, how to install a machine or connect to the hypervisor?
How to get console?
ssh -XYC user@kvmserver virt-manager
did not work.
On the client you could try to do:
yum groupinstall "Virtualization Client"
yum install libvirt virt-manager
Then start virt-manager and connect to your server. However this didn’t work for me either. Is virtualization needed on the client too?
No, it is not. First: check if Virtualization is enabled on the server. Look in /var/log/messages for
kernel: kvm: disabled by bios
If it says that you’ll need to go into BIOS / Processor Options / and enable Virtualization.
Then you can start virt-manager, check that you can connect to the KVMserver.
Copy a .iso to /var/lib/libvirt/images on the server.
Re-connect to the kvm-server in virt-manager.
Add a new VM called test. Using 6.2 net-install and NAT network interface. This may take a while.
Pointing the VM to kvm-server where a httpd is running (remember firewall rules) and an SL 6.2 is stored. Installing a Basic Server.
OK, we could use virt-manager, it’s quite straight-forward and doesn’t require any edits of config files at all.
To install a vm you use ‘virt-install’.
You can get lots of info from ‘virsh’
virsh pool-list
virsh vol-list default
virsh list
virsh list --all
virsh dumpxml test > /tmp/test.xml
cp /tmp/test.xml /tmp/new.xml
Edit new.xml
change name to new and remove line with UUID
virt-xml-validate /tmp/new.xml
virsh help create
virsh create --file /tmp/new.xml
virsh list
This creates a new VM that uses the same disk and setup. But, if you shut down this new domain, it will disappear from ‘virsh list --all’ and the list. To keep it you need to define it first:
virsh define --file /tmp/new.xml
virsh start new
This can become quite a bit more complicated. You would probably want to make clones (virt-clone) or snapshots (virsh help snapshot) instead of using the same disk file.
Making your own .xml from scratch looks fairly complicated. You could use ‘virt-install’ however.
virt-install --help
virt-install -n awesome -r 1024 --vcpus 1 --description=AWESOME --cdrom /var/lib/libvirt/images/CentOS-6.2-x86_64-netinstall.iso --os-type=linux --os-variant=rhel6 --disk path=/var/lib/libvirt/images/awesome,size=8 --hvm
For this the console actually works while running ‘virt-install’ over ssh on the kvm-server.
To edit a VM over ssh:
virsh edit NAMEOFVM
Howdy!
In case you saw my previous posts I’ve been prepping for a RHCE course the last couple of weeks.
Here are the posts based on the objectives:
Odds are quite high that I’ve missed something or not gone deep enough into some subjects and for the record some subjects I decided to skip.
I’m taking the course over at Tieturi here in Helsinki and they have published the schedule for the course, with quite detailed outline.
This outline of the course can with benefit be used to see if you missed any terms or functions while going through the objectives.
I’ll go through the ones I find more interesting below:
-Internet Protocol and Routing
OK, well this is quite obvious, some commands:
ip addr
ip route
route add
netstat -rn
-IPv6: Dynamic Interface Configuration
-IPv6: Static Interface Configuration
-IPv6: Routing Configuration
You can add IPV6 specific lines in the ifcfg-device files in /etc/sysconfig/network-scripts/. See /usr/share/doc/initscripts*/sysconfig
Some settings can also go into /etc/sysconfig/network
-Netfilter Overview
-Rules: General Considerations
-Connection Tracking
-Network Address Translation (NAT)
-IPv6 and ip6tables
-Squid Web Proxy Cache
On client check what IP you get:
curl --proxy squid-server.example.com:3128 www.guldmyr.com/ip.php
On server install and setup squid:
yum install squid
vi /etc/squid/squid.conf
#add this line in the right place:
acl localnet src 192.168.1.1/32
#allow port 3128 TCP in the firewall (use very strict access here)
service squid start
On client:
curl --proxy squid-server.example.com:3128 www.guldmyr.com/ip.php
Beware that this is insecure. Very insecure. You should at least set up a password for the proxy, change the default port and have as limited firewall rules as possible.
-Simple Mail Transport Protocol
-Sendmail SMTP Restrictions
-Sendmail Operation
Symmetric uses a secret/password to encrypt and decrypt a message.
You can use GnuPG (cli command is ‘gpg’) to encrypt and decrypt a file symmetrically. Arguments:
--symmetric/-c == symmetric cipher (CAST5 by default)
--force-mdc == if you don’t have this you’ll get “message was not integrity protected”
There are many more things you can specify.
echo "awesome secret message" > /tmp/file
gpg --symmetric --force-mdc /tmp/file
#(enter password)
#this creates a /tmp/file.gpg
#beware that /tmp/file still exists
#to decrypt:
gpg --decrypt /tmp/file.gpg
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
awesome secret message
Uses a key-pair. A public key and a private key.
A message encrypted with the public key can only be decrypted with the private key.
A message encrypted with the private key can only be decrypted with the public key.
GnuPG can let you handle this.
Login with a user called ‘labber’:
gpg --gen-key
# in this interactive dialog enter username: labber, e-mail and password
# this doesn't always work, might take _long_time_, eventually I just tried on another machine
echo "secret message" > /tmp/file
gpg -e -r labber /tmp/file
# enter password
gpg --decrypt /tmp/file.gpg
# enter password
To export the public key in ASCII format you can:
gpg --armor --output "key.txt" --export "labber"
However, how to encrypt a file with somebody else’s public key?
Consists of:
-Digital Certificates
A certificate has user details and the public key.
-Account Management
-Account Information (Name Service)
-Name Service Switch (NSS)
-Pluggable Authentication Modules (PAM)
-PAM Operation
-Utilities and Authentication
Basically a way to authenticate users. You can put different types of authentication ways behind PAM. So that a software only needs to learn to authenticate to PAM and then PAM takes care of the behind-the-scenes-work.
For example you can have PAM connect to an ldap-server.
CLI: authconfig
Files:
/etc/sysconfig/authconfig
/etc/pam.d/
/etc/sssd/sssd.conf
1st post – System Management and Configuration
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
User should be able to do the following for all these services:
You could possibly test this from Windows as well.
On linux it’s fairly straight-forward, you can use ntpd both as a client and as a server.
Check in /var/log/messages for details
The time-synchronization with ntpd is slow by design (to not overload or cause dramatic changes in the time set).
ntpdate is instant but it’s not recommended to be used. For example with ‘ntpdate -q’.
man ntp.conf
this then points to :
man ntp_acc
man ntp_auth
man ntp_clock
man ntp_misc
What’s a bit reverse for ntpd is that first you need to configure the server as a client
So that your local ntp-server gets good time from somewhere else. You can find a good time-server to use on www.pool.ntp.org
You only need to add one server line but for redundancy you should probably have more than one.
As an example with your client on 192.168.0.0/24 and server is on 192.168.1.0/24.
All you need to do is for the client part:
server ntp.example.com
service ntpd restart
ntpq -p
You need to add a restrict line in ntp.conf.
You also need to allow port 123 UDP in the firewall.
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
service ntpd restart
Basically the same as the above for client, but you specify the address to your NTP-server instead of one from pool.ntp.org.
I believe this has been covered.
One extra thing you may want to check out is the ‘tinker’ command.
This is put on top of ntp.conf and more info is available in ‘man ntp_misc’.
However, most of the time you just need to wait a bit for the time change to come through.
There’s not much to go in logs on either server or client for ntpd. You’ll get messages in /var/log/messages though that says “synchronized” and when the service is starting.
You can also use tcpdump on the server to see if there are any packets coming in.
tcpdump -i eth0 -w /tmp/tcmpdump.123 -s0 'udp port 123 and host NTP.CLIENT.IP'
# wait a while, restart ntpd on client
tcpdump -r /tmp/tcmpdump.123
# this will then show some packets if you have a working communication between server and client
Start with the server still connecting to an ntp-server with good time.
You could then set the date and time manually on the server to something else. For example, let’s say the current time is 6 JUN 2012 17:15:00.
Set it to 15 minutes before:
date -s "6 JUN 2012 17:00:00"
service ntpd restart
Also restart ntpd on the client, then wait, this will probably take a bit longer than before.
If you set the time manually to something too big it won’t work. You could then experiment with ‘tinker panic 0’
To test from windows you can use putty.
But in linux you just need ssh for client and sshd for server.
man 5 sshd_config and this blogpost has an overview.
More info in man tcpd and man 5 hosts_access
Check that your daemon supports it:
which sshd
ldd /usr/sbin/sshd|grep wrap
For this test, let’s say that the server you are configuring has IP/netmask 192.168.1.1/24 and that you have a client on 192.168.0.0/24
cat /etc/hosts.allow
sshd: 192.168.0.0/255.255.255.0
sshd: ALL : twist /bin/echo DEATH
The last row sends a special message to a client connecting from a non-allowed network.
cat /etc/hosts.deny
ALL: ALL
If you on the server with these settings try to do “ssh -v root@localhost” or “ssh -v root@192.168.1.1” you’ll get the message from twist.
If you in hosts.allow add:
sshd: KNOWN
You can log on to the localhost, but not if you add “LOCAL”.
If you add
sshd: 192.168.1.
you can log on from localhost to the public IP of the server.
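How the rules above are evaluated, as an added example that is not from the original post: a small evaluator for the first-match order of hosts.allow followed by hosts.deny. `tcpd_decision`, `first_match`, `client_matches` and `ip2int` are hypothetical helpers; only the ALL wildcard, net/mask, "n.n.n." prefix and exact-address client patterns are handled. It also shows that the position of an added line matters, because a line placed after "sshd: ALL" is never reached.

```shell
#!/bin/sh
# Rules from this section, embedded as text. On a real host they live in
# /etc/hosts.allow and /etc/hosts.deny.
HOSTS_ALLOW='sshd: 192.168.0.0/255.255.255.0
sshd: ALL : twist /bin/echo DEATH'
HOSTS_DENY='ALL: ALL'

# The extra "sshd: 192.168.1." line, once after and once before the ALL line.
ALLOW_LATE="$HOSTS_ALLOW
sshd: 192.168.1."
ALLOW_EARLY="sshd: 192.168.1.
$HOSTS_ALLOW"

# ip2int A.B.C.D -> 32-bit integer (runs in a subshell so IFS is untouched)
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# client_matches PATTERN IP
# Host names, LOCAL, KNOWN, UNKNOWN, PARANOID and EXCEPT are not handled.
client_matches() {
    case $1 in
        ALL) return 0 ;;
        */*) [ $(( $(ip2int "$2") & $(ip2int "${1#*/}") )) -eq "$(ip2int "${1%/*}")" ] ;;
        *.)  case $2 in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# first_match RULES DAEMON IP
# Prints the option field of the first matching rule ("none" if it has no
# option) and returns 0; returns 1 when no rule matches.
first_match() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}
        case $rest in *:*) option=${rest#*:} ;; *) option= ;; esac
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $(printf '%s' "$clients" | tr ',' ' '); do
                if client_matches "$c" "$3"; then
                    printf '%s\n' "${option:-none}"
                    return 0
                fi
            done
        done
    done <<EOF
$1
EOF
    return 1
}

# tcpd_decision DAEMON IP ALLOW_RULES DENY_RULES -> allow | twist | deny
# hosts.allow is searched first, then hosts.deny; no match at all means allow.
tcpd_decision() {
    if opt=$(first_match "$3" "$1" "$2"); then
        case $opt in *twist*) echo twist ;; *) echo allow ;; esac
    elif first_match "$4" "$1" "$2" >/dev/null; then
        echo deny
    else
        echo allow
    fi
}

for ip in 192.168.0.25 192.168.1.1 127.0.0.1; do
    echo "sshd from $ip: $(tcpd_decision sshd "$ip" "$HOSTS_ALLOW" "$HOSTS_DENY")"
done
echo "192.168.1. added last:  $(tcpd_decision sshd 192.168.1.1 "$ALLOW_LATE" "$HOSTS_DENY")"
echo "192.168.1. added first: $(tcpd_decision sshd 192.168.1.1 "$ALLOW_EARLY" "$HOSTS_DENY")"
```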
Hackmode has a good article about setting postfix for the first time.
To test that e-mail is working you can – tada – use an e-mail client.
You have lots of details in /usr/share/doc/postfix-N ( the path should be in /etc/postfix/main.cf )
In CLI (important to use ‘ and not “):
#hostname - record the output of this
postconf -e 'myhostname = output from hostname in here'
#hostname -d
postconf -e 'mydomain = output from hostname -d in here'
postconf -e 'myorigin = $mydomain'
postconf -e 'inet_interfaces = all'
postconf -e 'mydestination = $myhostname, localhost, $mydomain'
postconf -e 'mynetworks = 127.0.0.0/8 [::1]/128, /32'
postconf -e 'relay_domains = $mydestination'
postconf -e 'home_mailbox = Maildir/'
To use it:
useradd -s /sbin/nologin labber
passwd labber
Edit /etc/aliases and add:
labber: labber
Then run:
newaliases
service postfix start
service postfix status
netstat -nlp|grep master
Send e-mail:
mail -s "Test e-mail here" labber@mydomain
test123
.
The . at the end is quite nice, that stops the input.
Check e-mail:
cat /home/labber/Maildir/new/*
But, perhaps you want to check this out with a real e-mail client like thunderbird 10.
For this there needs to be an e-mail server that stores the e-mails on the server.
For this we can use ‘dovecot’
yum install dovecot
service dovecot start
Thunderbird is quite nice, it will often tell you which setting is wrong.
You can use /var/log/maillog for details on the server-side (to see if you get connections at all for example).
To illustrate this feature we first need to add a second user/e-mail account:
useradd -s /sbin/nologin labrat
passwd labrat
echo "labrat: labrat" >> /etc/aliases
newaliases
service postfix restart
service dovecot restart
mail -s "test" labrat@mydomain
You need to send an e-mail to the e-mail address before you can add it in Thunderbird (because the user does not have a $HOME/Maildir until you do).
After the new user has been created and added to your e-mail client do the following:
cd /etc/postfix
echo "labber@mydomain REJECT" >> sender_access
postmap hash:sender_access
echo "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access" >> /etc/postfix/main.cf
service postfix restart
Try:
If I understand this correctly to setup the above two we would need to have two servers.
Testing an SMB server may be quite easy from Windows, but from Linux I suppose it’s a bit trickier.
The CLI client is called ‘smbclient’
The tool to set passwords: ‘smbpasswd’
You can also get some information with commands starting with ‘net’, for example ‘net -U username session’
testparm is another tool you can use to test that the config file – smb.conf – is not missing anything structural or in syntax.
The server is called ‘samba’.
There are more packages, for example ‘samba-doc’, samba4. You can find them by typing: ‘yum install samba*’
samba-doc installs lots of files in /usr/share/doc/samba*
Testing an NFS server is generally easier from another linux-server.
An ftp-server is also quite easy to test. You can test it from many web-browsers, telnet, ftp, lftp or a myriad of other clients.
A DNS-server is quite easy to test as well, just point a client to the IP of your local DNS server and check /var/log/messages on the DNS-server.
This post is about Network Services.
During all these exercises I try my hardest not to use google, as that’s not available during the exam anyway.
An htpasswd file contains users/passwords.
A .htaccess file points to the htpasswd
The .htaccess file is not the recommended way to set up authentication, instead you should do it in the Directory section of httpd.conf.
To get more information about httpd in general do:
yum install httpd-manual
Then surf to http://hostname/manual.
To generate a htpasswd:
[root@rhce webpages]# htpasswd -c /etc/httpd/conf/.htpasswd user
New password:
Re-type new password:
Adding password for user user
Then add this .htaccess file:
AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /dev/null
AuthName "Private Area"
AuthType Basic
AuthBasicProvider file
Require user user
The s – means the httpd uses another port – 443 and that it uses certificates.
yum install mod_ssl
This adds /etc/httpd/conf.d/ssl.conf
That config file actually has a ‘listen’ directive for port 443.
So add that port in the firewall and restart httpd.
After that you can surf to https://ip and it will complain about the certificate (which is a default generated one).
This can be used when you want to have several hostnames or domains on the same machine.
There’s some info in httpd.conf but there’s quite a lot in the manual via httpd-manual package.
To test this you could either put several IP addresses on the server or point several domains towards it (might be easiest, /etc/hosts). But in VMWare it’s very easy to just add another network interface.
and add this at the end:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/ww1.example.com
ServerName ww1.example.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/ww2.example.com
ServerName ww2.example.com
</VirtualHost>
7. service httpd restart
Then on the client point your browser to and (add different index.html in each to make it easy to see).
I’d say this fall under the htpasswd section.
FOSwiki for example uses CGI. Perhaps it should be a custom CGI application, like a small hello-world script.
/var/www/cgi-bin is where CGI scripts are stored by default.
A simple .cgi script is just a perl script with another extension that outputs .HTML text.
Group-managed. So this would be somehow using the AuthGroupFile in .htaccess?
Or could be done by creating a new directory under www-root and give specific access to this directory. That means it can be managed by a unix group, (access is a different story however).
This is post 1 in a series of posts where I will be going through the objectives for the RHCE certifications. It builds on the initial post that has the objectives:
It appears that the objectives have been updated, at least if you compare between my post above and https://www.redhat.com/training/courses/ex300/examobjective
For example, “build a simple rpm that installs one package” is not in the list.
I bet there are many blogs about this topic. I’m doing this quite a lot for myself, but maybe somebody else finds these useful.
This post will be about the section ‘System Configuration and Management’.
My setup: Core i7, 8GB RAM, Windows 7 x64, VMWare Workstation with CentOS installed.
Installing a fresh VM with 4 cores, 5GB RAM, virtualization and CentOS.
CentOS is a free clone of Red Hat, it’s missing some stuff (satellite for example) but it does the job for learning. You can find it in many places, for example here: http://www.nic.funet.fi/pub/Linux/INSTALL/Centos/6/isos/x86_64/
The part “Routing / NAT” will be tricky, as I do not have a second computer that I could use for this. Maybe I can get something working inside the virtual machines though, but for now I think I will skip these two and get straight into the other ones.
Edit /etc/sysctl.conf
Or use sysctl -w to set it temporarily
For example one is: vm.overcommit_ratio
You can then do either of these to view the current setting:
cat /proc/sys/vm/overcommit_ratio
sysctl vm.overcommit_ratio
To set it temporarily:
echo "60" > /proc/sys/vm/overcommit_ratio
sysctl -w vm.overcommit_ratio="50"
To set each time on boot:
echo "vm.overcommit_ratio = 50" >> /etc/sysctl.conf
Waiting with this. Need to set up a KDC – kerberos service first.
This appears to be a bit complicated – the details below are about as simple as this can be made. There is a lot more nifty things that you can do with an rpm.
Would be nice to have a guide of this in for example /usr/share/doc
yum install rpm-build
mkdir -p $HOME/rpmbuild
cd $HOME/rpmbuild
mkdir {BUILD,RPMS,SOURCES,SPECS,SRPMS}
mkdir GetIP
cd GetIP
The “program”:
cat getip.sh
#!/bin/bash
wget -q http://guldmyr.com/ip.php -O/tmp/ip
cat /tmp/ip
chmod +x getip.sh
Make an archive and put it in the SOURCES DIR:
cd $HOME/rpmbuild
tar -czf GetIP.tar.gz GetIP
mv GetIP.tar.gz SOURCES/
Edit a spec-file (do this as a normal user instead of root, it will show the default entries):
cd SPECS
vi sample.spec
Make it look like this:
Name: GetIP
Version: 1.0
Release: 1%{?dist}
Summary: Get an IP wooop
Group: Development/Tools
License: GPL
URL: http://guldmyr.com/blog
Source0: %{name}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: bash
Requires: bash

%description
Get an IP woop!

%prep
%setup -n GetIP

%build

%install
mkdir -p "$RPM_BUILD_ROOT/opt/GetIP"
cp -R * "$RPM_BUILD_ROOT/opt/GetIP"

%clean
rm -rf "$RPM_BUILD_ROOT"

%files
%defattr(-,root,root,-)
/opt/GetIP
%doc

%changelog
Then make an rpm:
rpmbuild -v -bb $HOME/rpmbuild/SPECS/sample.spec
Then as root:
cd /home/user/rpmbuild/RPMS/x86_64/
rpm -ivh GetIP-1.0-1.el6.x86_64.rpm
Then as normal user you can now execute the installed file:
/opt/GetIP/getip.sh
If you wonder about things – check this fairly unreadable blog post out.
Basically you want to use the $RPM_BUILD_ROOT in front of where you want to install the software. By default there are ‘make’, ‘configure’ and nothing in the ‘require’ entries. I removed the make and configure and just put ‘bash’ in the require entries, it seemed to do the trick though.
More info is also available on rpm.org – which recommends using /usr/src/redhat for building packages.
Waiting with this. Need to set up an iSCSI target first.
sar -A
/etc/cron.d/sysstat
Well, this can be a lot of things and is quite hard to prepare for.
But I think a ‘for loop’ is a good thing to know about and can help with a lot of system maintenance tasks.
an input file with usernames:
[martbhell@rhce ~]$ cat /tmp/userlist
bengt
goran
a scriptfile:
[root@rhce ~]# cat usersndirs.sh
#!/bin/sh
userlist=/tmp/userlist
for i in `cat $userlist`; do
echo useradd $i;
echo mkdir $i;
done
Remove the “echo” to create the users.
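A dry-run variant of the loop above that validates each entry before it reaches useradd, since the script runs as root and reads its list from /tmp. This is an added example, not the original post's script: `valid_username` and `plan_users` are hypothetical helpers, the name pattern is an assumed policy, and the list is constructed.

```shell
#!/bin/sh
# Make a-z in the patterns below mean ASCII lower case only.
LC_ALL=C
export LC_ALL

# Constructed sample list: the two names from the post plus entries that
# should be skipped.
sample_userlist() {
cat <<'EOF'
bengt
goran

# comment line
Bad Name
-x
bengt
EOF
}

# valid_username NAME
# Assumed policy: lower-case letter or underscore first, then lower-case
# letters, digits, underscore or dash, at most 32 characters in total.
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ ${#1} -le 32 ]
}

# plan_users: read a user list on stdin and print the commands that would
# be run (dry run, like the "echo" in the loop above). Invalid or repeated
# entries are reported on stderr and skipped.
plan_users() {
    seen=' '
    while IFS= read -r name; do
        case $name in ''|'#'*) continue ;; esac
        if ! valid_username "$name"; then
            echo "skipping invalid entry: $name" >&2
            continue
        fi
        case $seen in *" $name "*)
            echo "skipping duplicate: $name" >&2
            continue ;;
        esac
        seen="$seen$name "
        echo "useradd $name"
        echo "mkdir $name"
    done
    return 0
}

sample_userlist | plan_users
```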
Of course, you could also use the ‘newusers’ command (interactive or send a file).
This happens a lot I think: You get an idea that “hey, I can do this with a script”. But then a random amount of time later you find out that there is already a command that does this for you. That doesn’t mean the time spent is a total waste, hopefully you learned something while doing it. Maybe your script even does a better job than the new one you found.
syslog / rsyslog
man rsyslog.conf has an example for how to log to a remote machine
edit /etc/rsyslog.conf
add
To forward messages to another host via UDP, prepend the hostname with the at sign ("@").
To forward it via plain tcp, prepend two at signs ("@@").
To forward via RELP, prepend the string ":omrelp:" in front of the hostname.
Example:
*.* @@192.168.0.8
Set the IP to the machine that will be receiving the logs.
So this step you may want to do before the previous step (unless you already have a working syslogd server).
You edit /etc/rsyslog.conf
and uncomment the “reception” parts (don’t forget firewall and restart service).
To test try to “su -” with the wrong password and then check in /var/log/secure on the loghost.
“To create a private repository you should proceed as follows: – Install the createrepo software package – Create a <directory> where files can be shared (via FTP or HTTP) – Create a subdirectory called Packages and copy all packages to be published in Packages – run createrepo -v <directory>”
Just tried out the “Red Hat Skills Assessment” for RHCE.
These are apparently the ones I need to work on:
But the assessment doesn’t say which questions I missed, so it could be that some of the ones with “Deep Understanding” I could have gotten enough answers right by guessing. Best to not answer if you don’t know so you get a better pointer at what to look at?
Previous post:
http://www.guldmyr.com/blog/how-to-update-spotify-on-rhel6-x64-native-client/
Installed spotify-client-0.8.2.637.g252b980.486-2.x86_64.rpm – this is converted from the .deb package that is downloaded from: http://repository.spotify.com/pool/non-free/s/spotify/
you convert with ‘alien’ and this command:
alien --to-rpm spotify-client_0.8.2.637.g252b980.486-1_amd64.deb
To install you need to uninstall first:
rpm -ev spotify-client
rpm -ivh Downloads/Spotify/spotify-client-0.8.2.637.g252b980.486-2.x86_64.rpm
error: Failed dependencies:
libcef.so()(64bit) is needed by spotify-client-0.8.2.637.g252b980.486-2.x86_64
libcrypto.so.0.9.8()(64bit) is needed by spotify-client-0.8.2.637.g252b980.486-2.x86_64
libcrypto.so.0.9.8(OPENSSL_0.9.8)(64bit) is needed by spotify-client-0.8.2.637.g252b980.486-2.x86_
libssl.so.0.9.8()(64bit) is needed by spotify-client-0.8.2.637.g252b980.486-2.x86_64
libssl.so.0.9.8(OPENSSL_0.9.8)(64bit) is needed by spotify-client-0.8.2.637.g252b980.486-2.x86_64
OK, that didn’t work so well.
Install:
# rpm -ivh --nodeps Downloads/Spotify/spotify-client-0.8.2.637.g252b980.486-2.x
Preparing... ########################################### [100%]
1:spotify-client ########################################### [100%]
You’ll get errors while trying to start spotify:
spotify
spotify: error while loading shared libraries: libnss3.so.1d: cannot open shared object file: No such file
What you need to do is create symlinks:
ln -s /usr/lib64/libnss3.so /usr/lib64/libnss3.so.1d
ln -s /usr/lib64/libnssutil3.so /usr/lib64/libnssutil3.so.1d
ln -s /usr/lib64/libsmime3.so /usr/lib64/libsmime3.so.1d
yum -y install nspr nspr-devel
ln -s /usr/lib64/libplc4.so /usr/lib64/libplc4.so.0d
ln -s /usr/lib64/libnspr4.so /usr/lib64/libnspr4.so.0d
However, it still crashes when I try to right-click on an app – but now it has apps :)
Only one day late!
I actually started installing this on the 8th but I forgot to install it to hdd so the ‘yum update’ failed and broke the machine with I/O errors :)
Installing it in a VMWare Workstation (fedora 64-bit type, 2 cores, 4G RAM, 20G disk).
http://fedoraproject.org/wiki/Test_Day:2012-03-08_OpenStack_Test_Day
http://fedoraproject.org/wiki/QA:Testcase_install_OpenStack_packages – No problem.
http://fedoraproject.org/wiki/QA:Testcase_setup_OpenStack_Nova –
Says that if you are doing this in a VM you need to “configure nova to use qemu without KVM and hardware virtualization:”. This is not true, as VMWare Workstation 8 has virtualization pass-through.
[root@localhost mart]# vgcreate nova-volumes $(sudo losetup --show -f /var/lib/nova/nova-volumes.img)
No physical volume label read from /dev/loop0
Writing physical volume data to disk "/dev/loop0"
Physical volume "/dev/loop0" successfully created
Volume group "nova-volumes" successfully created
openstack-nova-db-setup
Gives this error, which is already reported:
Verified connectivity to MySQL.
Creating 'nova' database.
Asking openstack-nova to sync the databse.
2012-03-09 07:28:26 WARNING nova.utils [-] /usr/lib/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/versions/075_convert_bw_usage_to_store_network_id.py:49: SADeprecationWarning: useexisting is deprecated. Use extend_existing.
  useexisting=True)
2012-03-09 07:28:28 WARNING nova.utils [-] /usr/lib/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/versions/081_drop_instance_id_bw_cache.py:40: SADeprecationWarning: useexisting is deprecated. Use extend_existing.
  useexisting=True)
Complete!
[root@localhost nova]# ADMIN_PASSWORD=$OS_PASSWORD openstack-keystone-sample-data
The default service password has been detected. Please consider setting an actual password in environment variable SERVICE_PASSWORD
But after that it generates users.
No problems, should ‘glance index’ return anything at this stage?
No problems.
No problems, just do exactly what the instructions say (don’t try to be smart and put them in .sh files for example :P).
At this point the wiki went down :/
[root@localhost ~]# glance add name=f16 is_public=true disk_format=qcow2 container_format=ovf copy_from=http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2
Failed to add image. Got error:
Unexpected response: 500
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.
Yes, this is where it falls short. Manpage for glance doesn’t even have the ‘copy_from’. Maybe it could be downloaded? ‘glance index’ doesn’t work either.
[root@localhost ~]# glance index
Failed to show index. Got error:
Internal Server error: Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "/usr/lib/python2.7/site-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/site-packages/webob/dec.py", line 210, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/glance/common/wsgi.py", line 279, in __
    response = req.get_response(self.application)
  File "/usr/lib/python2.7/site-packages/webob/request.py", line 1086, in get_re
    application, catch_exc_info=False)
  File "/usr/lib/python2.7/site-packages/webob/request.py", line 1055, in call_a
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.7/site-packages/keystone/middleware/auth_token.py", lin
    valid = self._validate_claims(claims)
  File "/usr/lib/python2.7/site-packages/keystone/middleware/auth_token.py", lin
    return self._validate_claims(claims, False)
  File "/usr/lib/python2.7/site-packages/keystone/middleware/auth_token.py", lin
    self.admin_password)
  File "/usr/lib/python2.7/site-packages/keystone/middleware/auth_token.py", lin
    return json.loads(data)["access"]["token"]["id"]
  File "/usr/lib64/python2.7/json/__init__.py", line 326, in loads
    return _default_decoder.decode(s)
  File "/usr/lib64/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib64/python2.7/json/decoder.py", line 384, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
[root@localhost ~]# cd images/
[root@localhost images]# ls
aki-tty ami-tty ari-tty
[root@localhost images]# http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2^C
[root@localhost images]# glance add name=aki-tty is_public=true container_format=aki disk_format=aki < aki-tty/image
=================================================[100%] 7.79M/s, ETA 0h 0m 0s
=[ 2%] 1.25M/s, ETA 0h 0m 3s
Failed to add image. Got error:
You are not authorized to complete this action.
Details: 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Note: Your image metadata may still be in the registry, but the image's status w
=================================================[100%] 20.9M/s, ETA 0h 0m 0s
[root@localhost images]#
Stuck!
http://www.cromwell-intl.com/unix/linux-break-in-howto.html
On RHEL 6.2-based systems (like Scientific Linux 6.2):
edit /etc/sysconfig/init
# Set to '/sbin/sulogin' to prompt for password on single-user mode
# Set to '/sbin/sushell' otherwise
Like this:
SINGLE=/sbin/sulogin
Then, if you add an ‘s’ to the grub entry when the server boots, it will ask you for a password (or you can hit Ctrl-d). Ctrl-d makes the server enter normal boot (telinit *).
Should all linux machines be installed this way? To me this sounds like a definite deal, especially if you have the console physically or remotely accessible.
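A way to check that setting across machines, as an added example that is not part of the original post: the function names and the sample file are made up for illustration, and it assumes the file is read as shell variable assignments, so the last uncommented SINGLE= line is the one that counts.

```shell
#!/bin/sh
# Added example: audit the SINGLE setting in an /etc/sysconfig/init-style file.

# Print the effective SINGLE value. Assumption: the file is sourced as shell,
# so commented lines are ignored and the last active assignment wins.
single_user_shell() {
    sed -n 's/^[[:space:]]*SINGLE=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

# Return 0 if single-user mode prompts for the root password, 1 if it does
# not, 2 if the file cannot be read. Anything except /sbin/sulogin is flagged.
check_single_user_auth() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "UNKNOWN: cannot read $file"
        return 2
    fi
    value=$(single_user_shell "$file")
    case $value in
        /sbin/sulogin)
            echo "OK: $file sets SINGLE=/sbin/sulogin"
            return 0 ;;
        '')
            echo "WEAK: no active SINGLE= line in $file"
            return 1 ;;
        *)
            echo "WEAK: $file sets SINGLE=$value, expected /sbin/sulogin"
            return 1 ;;
    esac
}

# Constructed sample input (not taken from a real host): the hardened line is
# commented out, so the earlier sushell assignment is still the effective one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Set to '/sbin/sulogin' to prompt for password on single-user mode
# Set to '/sbin/sushell' otherwise
SINGLE=/sbin/sushell
#SINGLE=/sbin/sulogin
EOF
check_single_user_auth "$sample" || true
rm -f "$sample"
```

On a real host you would run check_single_user_auth /etc/sysconfig/init and treat any non-zero exit status as a finding.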
CentOS 5.8 was released today 8th of March.
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.8
You can download it from many mirrors, for example from FUNET: http://ftp.funet.fi/pub/Linux/INSTALL/Centos/
It installs just fine on an HP DL360 G7 with P410 and P411 controller.
CentOS has, as far as I understand, been slower at releasing updates than Scientific Linux (for example 6.2 was out 5 days earlier on SLC than on CentOS). This was not the case today though: SLC 5.8 is not available yet. Why?
Compare release dates here:
http://en.wikipedia.org/wiki/CentOS#Release_history
http://en.wikipedia.org/wiki/Scientific_linux#Release_history
There’s a couple of places (naturally).
It’s easy to be fooled and think: “anybody can type man man”. But in all fairness, you need to figure out which man page to look into, or what command to run and sometimes it’s just a blank.
In RHEL there is /usr/share/doc where there are some special places, for example /usr/share/doc/initscripts*/sysconfig.txt for all config files that relate to the boot-up process.
There is also /usr/share/man. In there, /usr/share/man/man5 has all the section 5 man pages in gzip format. For example, “man 5 yum.conf” you can find in /usr/share/man/man5/yum.conf.5.gz.
To open a man page you just type ‘man yum’ to get the man page for yum, or ‘man man’ for the manual for man.
To search through man-pages you can use either of these (they are the same):
man -k yum
apropos yum
While inside a man-page you can search by typing:
/
and then what you want to search for
and then ENTER.
Like this: /priority
This will highlight all the matched entries; you move to the next match with ‘n’.
This might differ between operating systems, it depends on which viewer is used to present the man page.
Sometimes these don’t find what you are looking for.
In that case you could manually move into /usr/share/man/man5 and hit:
zgrep priority *
to grep through the gzip files looking for any entries that say ‘priority’.
Or, if you want to, you could use this to search through all directories:
find . -type f -print0 | xargs -0 zgrep -i priority
or even better (if you’re not looking for a language specific man page):
find /usr/share/man* -type f -print0 | xargs -0 zgrep -i gpgcheck
These are all relatively slow though, if you read this and have any suggestions please let me know :)
I just received the EXAM results. This was on Sunday at around 1500 Finnish time. About three days after I took the exam, these guys must be working on the weekend to check the results!
Result: 300/300!
Wow, there’s lots of it in there.
Some of it is about networking and a lot about individual services.
I haven’t actually planned to go get the exam soon, but I think just going through these objectives will make me better at Linux. Anyway, if I pass the RHCE, that extends the RHCSA expiration automagically.
This is going to take a while to do. I will update this post as I progress through the sections.
This is a copy of the objectives from https://www.redhat.com/certification/rhce/objectives/
For the two above I think I need to use another machine. Maybe the IBM T40 could be of some use again. Install SLC via USB maybe! /2011 12 18: update: Nope, T40 didn’t like booting like that. So, booting via DVD instead. But, maybe I can boot via the small CD and then load the files off of an NFS-server instead. Turns out the CPU in my laptop does not have PAE and thus cannot install anything after RHEL5 (possibly) with the default isos. There is a guide on scientificlinux.com that tells you how to do it via a fedora netinstall iso.
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
RHCE candidates should also be capable of meeting the following objectives associated with specific services:
Just did the exam.
Not bad at all, I really enjoyed this hands-on exam.
Great way to test someone’s skills, although I thought it would be harder. But maybe I got lucky with the tasks.
I believe this RHCSA Rapid Track (along with My Own Preparation ™) and learning how to work inside a terminal/console is enough.
Can’t wait until next week to find out how it went!
Last day!
A little more kickstarting, LVM – logical volume management and File ACL.
Then a rehearsal of the previous chapters.
Feeling a bit excited about tomorrow!
These ACLs were a bit more complex than I thought, but they could be made very complicated if you want to. But there’s the default ACL and then there’s the normal ones. Chmod +s for sticky bits.
Also got a 4GB USB pen that does about 4.4MB/s :p
Some important ones:
mount -o remount,rw /
/usr/share/doc/initscripts*/sysconfig.txt
kernel-doc package and /usr/share/doc/kernel-*
rpm -qd; rpm -qc
Some important but not importantest:
getsebool -a
setsebool -P
usermod -a
sssd - service that caches authentication stuff
Automounter
/etc/auto.master ->
/home/guests /etc/auto.guests
/etc/auto.guests ->
* -rw nfsserver:/path/to/mount/on/home/guests/&
If on nfsserver there is an nfsshare that is: /path/to/mount/on/home/guests/
and in there you have home directories for users. Then this will automount these directories when anybody tries to access them. Same concept as doing:
ls /net/nameofnfsserver/