Tuesday 22 October 2013

Upgrade / Install Red Hat Satellite v5.6


  • Documentation:  https://access.redhat.com/site/documentation/Red_Hat_Satellite/
  • Installation Media:  https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=18952
  • RHN Software Channel:   
  • New Satellite Certificate:   https://access.redhat.com/home under Subscriptions → RHN Classic → Entitlements.

Problems with the Official Documentation

  • Manual says to install "rhn-upgrade" package from the "Red Hat Satellite Channel" but it does not say which version of the channel, 5.5 or 5.6.  I am going to assume that the upgrade will subscribe an RHN Connected Red Hat Satellite Server to the new Software Channel, there this must be the ?
  • The upgrade installs the "postgres" package for you but you need the directory /var/lib/pgsql to be owned by postgres with group of postgres and a mode of 0700 and the SELinux context set to "".  Maybe it is easy to pre-emptively install postgres?

Upgrade Red Hat Satellite

"Chapter 6. Upgrades"  of the "Red Hat Satellite 5.6 Installation Guide" covers this process in detail.  My summary is as follows:

  • Update RHEL.
  • Ensure there are no outstanding Red Hat Satellite database schema updates. 
  • Ensure that when the directory /var/lib/pgsql comes to exist it will have sufficient free space to accommodate the equivalent contents of /rhnsat.
  • Install "postgres" package to ensure the correct permissions before the Red Hat Satellite installer can complain about it.
  • Upgrade as per the manual
  • Rebuild the Cobbler Distro Trees:  /etc/sysconfig/rhn/satellite-upgrade/scripts/regenerate-repodata -a
  •  


hmm....sorry run out of time tonight.  maybe later this week!

Monday 21 October 2013

Red Hat Satellite Integrity Checker

Set up a regular job to test the integrity of the Satellite's database records and the RPM repository.  spacewalk-data-fsck comes with Red Hat Satellite and it does not produce much output even with the verbose switch.  It really does take a whole day to run so schedule it accordingly.

I use the "-r" switch so it deletes any stray packages that are no longer in the database.  I don't know if that can get someone into trouble on some edge case with custom packages or something.  The "satellite-sync" is run after to replace any packages that were deleted because there was a consistency issue with either the database record or the package itself.

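cat <<'EOF' > /usr/local/sbin/satellite-integrity-checker.sh
#!/bin/bash
# Weekly consistency check of the Satellite database records and RPM repository.

# -r removes stray packages that are no longer in the database.
# Output goes to fixed file names in world-writable /tmp; pointing these at a
# root-only directory such as /var/log keeps local users from pre-creating them.
spacewalk-data-fsck -v -r &>/tmp/spacewalk-data-fsck.output
# Fetch again whatever the check above removed.
satellite-sync &>/tmp/satellite-sync.output

EOF

chmod 755 /usr/local/sbin/satellite-integrity-checker.sh

ln -s /usr/local/sbin/satellite-integrity-checker.sh /etc/cron.weekly/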



Saturday 17 August 2013

Handbrake for RHEL6

I failed to build Handbrake v0.9.9 myself so I went looking for someone else's solution.  For the record I could not resolve some Gtk dependencies and I really wanted the GUI so I gave up!

I found Linux Tech was hosting Handbrake v0.9.9.8 in a testing repository.  I already had EPEL6 via Satellite and I have "atrpms" defined but I did not use their repository for this project.  Note I leave these extra repositories disabled by default to reduce the package update noise.

The Linux Tech repos are below for your reference.  Just execute the following command and you too can be off transcoding DVB recordings into formats suitable for Apple, PS3, Android, etc.

yum --enablerepo=linuxtech-testing --enablerepo=linuxtech install handbrake-gui

::::::::::::::
/etc/yum.repos.d/atrpms.repo
::::::::::::::
[atrpms]
name=ATRPMS for RHEL 6 x86_64
baseurl=http://dl.atrpms.net/el6-x86_64/atrpms/stable/
enabled=0
gpgcheck=0

::::::::::::::
/etc/yum.repos.d/linuxtech-testing.repo
::::::::::::::
[linuxtech-testing]
name=LinuxTECH Testing
baseurl=http://pkgrepo.linuxtech.net/el6/testing/
enabled=0
gpgcheck=1
gpgkey=http://pkgrepo.linuxtech.net/el6/release/RPM-GPG-KEY-LinuxTECH.NET

[linuxtech]
name=LinuxTECH
baseurl=http://pkgrepo.linuxtech.net/el6/release/
enabled=0
gpgcheck=1
gpgkey=http://pkgrepo.linuxtech.net/el6/release/RPM-GPG-KEY-LinuxTECH.NET
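
The repository files above combine gpgcheck=0 with packages and signing keys fetched over plain http. As an added example (not part of the original post; the function names are made up here), this shell function reads .repo text and reports stanzas where signature checking is off or the key arrives unauthenticated:

```shell
#!/bin/sh
# Added example, not from the original post: flag yum repo stanzas that
# weaken package verification. Reads .repo text on stdin, one finding per line.
audit_repos() {
    awk '
    function emit(   msg) {
        if (sec == "") return
        if (gpgcheck ~ /^(0|no|false)$/) {
            msg = sec ": gpgcheck is off, packages are installed without signature checks"
            if (baseurl ~ /^http:/) msg = msg " and fetched over plain http"
            print msg
        }
        if (gpgkey ~ /^http:/)
            print sec ": gpgkey is fetched over plain http, confirm its fingerprint out of band"
    }
    /^[ \t]*\[/ {                      # new [section]: report the previous one
        emit(); sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpgcheck = baseurl = gpgkey = ""; next
    }
    /^[ \t]*[#;]/ { next }             # comment lines
    {
        i = index($0, "="); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = tolower(val)
        else if (key == "baseurl") baseurl = val
        else if (key == "gpgkey") gpgkey = val
    }
    END { emit() }'
}

sample_repos() {   # the stanzas from the post, reduced to the keys that matter here
    cat <<'EOF'
[atrpms]
baseurl=http://dl.atrpms.net/el6-x86_64/atrpms/stable/
gpgcheck=0
[linuxtech-testing]
baseurl=http://pkgrepo.linuxtech.net/el6/testing/
gpgcheck=1
gpgkey=http://pkgrepo.linuxtech.net/el6/release/RPM-GPG-KEY-LinuxTECH.NET
[linuxtech]
baseurl=http://pkgrepo.linuxtech.net/el6/release/
gpgcheck=1
gpgkey=http://pkgrepo.linuxtech.net/el6/release/RPM-GPG-KEY-LinuxTECH.NET
EOF
}

sample_repos | audit_repos
```

To audit a live system, feed it the real files: cat /etc/yum.repos.d/*.repo | audit_repos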


Wednesday 10 July 2013

HTTrack on RHEL6

References
HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.

To install it on RHEL 6:
  1. As the root user.....
  2. yum groupinstall development
    yum install zlib-devel openssl-devel
  3. Download and unpack the tar-ball from the web site.
  4. cd <unpacked_directory>
  5. ./configure
  6. Check that all the dependencies were met.
  7. make
  8. make test
  9. make install
 As a regular user execute the command httrack, which will start the tool in interactive mode.
httrack --continue  - to resume a mirror operation that you interrupted.
httrack --update - to bring your local mirror up to date with the original.

Fabulous tool.

Monday 8 July 2013

Get YUM to automatically import a GPG key


Reference: https://access.redhat.com/site/solutions/47159

Drop your GPG key using your favourite file distribution and update system (Red Hat Satellite, Puppet, Chef) into the directory:

            /etc/pki/rpm-gpg/

The next time yum runs with GPG key checking enabled, it will automatically import keys from this directory.

Saturday 6 April 2013

IPA installation on RHEL6

References

Instructions

• Single user mode.
• chkconfig NetworkManager off; service NetworkManager stop
• chkconfig NetworkManagerDispatcher off; service NetworkManagerDispatcher stop
• Configure networking with static IP
[root@deploy network-scripts]# cat ifcfg-eth0
DEVICE=eth0
HWADDR=a1:b1:c1:d1:e1:f1
TYPE=Ethernet
UUID=aaaaaaaaaaaaaaaaaaaaaaaaa
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.122.2
NETMASK=255.255.255.0

[root@deploy network-scripts]# cat ifcfg-eth1
DEVICE=eth1
HWADDR=a2:b2:c2:d2:e2:f2
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.100.2
NETMASK=255.255.255.0

• Configure the /etc/hosts file to list the FQDN for the IdM server before any aliases. Also ensure that the hostname is not part of the localhost entry.
• Configure the default gateway in /etc/sysconfig/network
• Configure the nameserver in /etc/resolv.conf
rhn_register
yum update
yum install ipa-server bind bind-dyndb-ldap
• The following is run in interactive mode so that the passwords are not entered as parameters and stored in history:
 ipa-server-install --hostname=ipa.spud.net -n spud.net -r SPUD --forwarder=8.8.8.8 --setup-dns
# -I puts the rules ahead of the final REJECT rule in the stock RHEL 6 INPUT chain; rules added after it with -A never match
for p in 88 464 53 123; do iptables -I INPUT -p udp -m state --state NEW -m udp --dport $p -j ACCEPT; done
for p in 80 443 389 636 88 464 53; do iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport $p -j ACCEPT; done
service iptables save
service sshd restart
kinit admin
ipa user-find admin
• Firefox https://<ipaserver>/ -- log in as the Admin user. Add a user. Add a DNS host to the correct DNS Zone.

Output messages at the end of running the ipa-server-install command

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
==============================================================================
Setup complete

Next steps:
1. You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: kerberos
* 53: bind
UDP Ports:
* 88, 464: kerberos
* 53: bind
* 123: ntp

2. You can now obtain a kerberos ticket using the command: 'kinit admin'
This ticket will allow you to use the IPA tools (e.g., ipa user-add)
and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password
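
The installer's port list can be checked against the saved firewall rules. As an added example (not part of the original post; function and variable names are made up here), this reads iptables-save style rules and reports required ports that are missing or whose ACCEPT rule sits after the chain's final REJECT, which is where rules appended with -A land on a stock RHEL 6 ruleset:

```shell
#!/bin/sh
# Added example, not from the original post: read iptables-save style rules on
# stdin and report required ports that INPUT does not really accept, including
# ACCEPT rules placed after an unconditional REJECT/DROP (they never match).
# Simplified: only rules directly in INPUT with a single --dport are considered.
check_ports() {   # $1 = space-separated proto/port list
    awk -v want="$1" '
    $1 == "-A" && $2 == "INPUT" {
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { closed = 1; next }
        proto = port = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        key = proto "/" port
        if (port != "" && target == "ACCEPT" && !(key in seen))
            seen[key] = (closed ? "shadowed" : "open")
    }
    END {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++) {
            if (!(w[i] in seen)) print w[i] " missing"
            else if (seen[w[i]] == "shadowed") print w[i] " shadowed by an earlier REJECT/DROP"
        }
    }'
}

# Ports named in the ipa-server-install "Next steps" output.
IPA_PORTS="tcp/80 tcp/443 tcp/389 tcp/636 tcp/88 tcp/464 tcp/53 udp/88 udp/464 udp/53 udp/123"

sample_rules() {   # constructed: stock RHEL 6 chain, TCP inserted with -I, UDP appended with -A
    for p in 53 464 88 636 389 443 80; do
        printf '%s\n' "-A INPUT -p tcp -m state --state NEW -m tcp --dport $p -j ACCEPT"
    done
    cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
    for p in 88 464 53 123; do
        printf '%s\n' "-A INPUT -p udp -m state --state NEW -m udp --dport $p -j ACCEPT"
    done
}

sample_rules | check_ports "$IPA_PORTS"
```

On a live server the input is the saved ruleset: check_ports "$IPA_PORTS" < /etc/sysconfig/iptables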

Sunday 24 March 2013

Anonymous FTP server on RHEL6 with SELinux enforcing

Alternate solutions
Outline of Steps
  1. Create a new filesystem for the ftp server.
  2. Set the SELinux context.
  3. Install the ftp server.
  4. Configure the server. 
  5. Change the ftp user's home directory to the new filesystem.
  6. Add iptables rules.
  7. Start the firewall on boot.
  8. Restart the firewall.
  9. Start the FTP server on boot.
  10. Start the FTP server now.
lvcreate -L 30G -n FTP HelpDeskRHEL6
mkfs.ext4 -m0 -L FTP /dev/mapper/HelpDeskRHEL6-FTP
mkdir /ftp
echo 'LABEL=FTP /ftp ext4 defaults 1 3' >> /etc/fstab
mount /ftp
# /ftp/pub is the path the SELinux rules and the ftp user's home directory below refer to
mkdir /ftp/pub
cd /ftp/pub
mkdir upload Documentation InstallMedia kickstart

yum install policycoreutils-python
semanage fcontext -a -t public_content_t /ftp
# stepping over the "lost+found" directory at the top of the /ftp filesystem
semanage fcontext -a -t public_content_t '/ftp/pub(/.*)?'
semanage fcontext -a -t public_content_rw_t '/ftp/pub/upload(/.*)?'
restorecon -R -v '/ftp'
ls -alZ /ftp
setsebool -P allow_ftpd_anon_write=1

yum install vsftpd

cp /usr/share/doc/vsftpd-*/EXAMPLE/INTERNET_SITE_NOINETD/vsftpd.conf /etc/vsftpd/vsftpd.conf
Adjust the values if necessary.  In my case I changed the following:
max_clients=10
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
anon_max_rate=0

usermod -d /ftp/pub ftp


Load the FTP connection tracking module for iptables in the file /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp"
Add the firewall rule to allow "active" FTP connections in the file /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

chkconfig iptables on

service iptables restart

chkconfig vsftpd on
service vsftpd start
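
The vsftpd values above give anonymous users upload, delete and rename rights, and anon_umask=022 leaves every upload readable by the next anonymous visitor. As an added example (not part of the original post; function names are made up here), this check reports those combinations and shows a constructed variant that keeps the upload area as a write-only drop box:

```shell
#!/bin/sh
# Added example, not from the original post: review vsftpd.conf text (stdin) for
# anonymous-write settings that let strangers swap or destroy files.
# Unset options fall back to the defaults documented in vsftpd.conf(5).
audit_vsftpd() {
    awk -F= '
    function on(name, dflt) { return (((name in opt) ? opt[name] : dflt) == "YES") }
    /^[ \t]*#/ || NF < 2 { next }
    { opt[$1] = toupper($2) }
    END {
        if (!on("anonymous_enable", "YES") || !on("write_enable", "NO")) exit
        if (on("anon_other_write_enable", "NO"))
            print "anon_other_write_enable=YES: anonymous users can delete and rename files"
        if (on("anon_upload_enable", "NO") && !on("chown_uploads", "NO")) {
            mask = ("anon_umask" in opt) ? opt["anon_umask"] : "077"
            other = substr(mask, length(mask), 1) + 0
            if (int(other / 4) % 2 == 0)     # read bit for "other" survives the umask
                print "anon_umask=" mask ": uploads are world-readable, anonymous users can fetch what others uploaded"
        }
    }'
}

posted_conf() {     # the values changed in the post
    cat <<'EOF'
max_clients=10
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
anon_max_rate=0
EOF
}

hardened_conf() {   # constructed: same upload area run as a write-only drop box
    cat <<'EOF'
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=NO
anon_umask=077
EOF
}

posted_conf | audit_vsftpd
```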


Saturday 9 February 2013

Dia to PDF

Using Dia version 0.97.1
 
 
When creating landscape network diagrams I found 2 problems when converting to PDF with 'ps2pdf':
  1. The '.eps' file still has "PORTRAIT" on the "ORIENTATION" line. Change this to "LANDSCAPE".
  2. The diagram needs "cropping" to make it fit the page properly.

    ps2pdf -dEPSCrop network.eps