Posts

Showing posts from 2014

Unable to save Create Reverse DNS record for mydomain.com task failed with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://mydomain.com:8443/dns

Apply to Katello,Satellite and Foreman "Unable to save Create Reverse DNS record for mydomain.com task failed with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://mydomain.com:8443/dns" This is the network we are using for this example: Network 192.168.122.x The error we are getting is caused for a misspelling of the reverse zone resolution when we active the dns as you can see in this example the dns-reverse is 13.17.172 instead of 122.168.192 katello-installer -v --capsule-dns true --capsule-dns-interface eth0 --capsule-dns-zone example.com --capsule-dns-forwarders 192.168.122.4 --capsule-dns-reverse 13.17.172.in-addr.arpa  Looking in the messages logs this is the error we get named: client 127.0.0.1#51110/key rndc-key: signer "rndc-key" approved named: client 127.0.0.1#51110/key rndc-key: updating zone 'example.com/IN': adding an RR at '

Katello Disconnected Utility

NAME  katello-disconnected - Tool for fetching content from CDN SYNOPSIS katello-disconnected [global_options] [subcommand [options]] Possible commands are: setup set pulp configuration (oauth is required) import import a manifest list list all or enabled repositories enable enable particular repository or all repos disable disable particular repository or all repos configure create and configure repositories in pulp sync start synchronizing all or particular repos watch watch synchronization progress export export all or particular repos refresh redownload repository information from CDN clean remove all repositories from pulp DESCRIPTION The katello-disconnected script communicates with pulp instance using REST and OAuth to synchronize repositories ex

Manually configurating a client to use a Capsule

Manually configurating a client to use a Capsule To manually configure a client to use a Capsule for yum content, during registration: subscription-manager register --org="Default_Organization" --environment="Library" --baseurl="https://mycapsule.example.com/pulp/repos" or after a Content Host is already registered: subscription-manager config --rhsm.baseurl="https://mycapsule.example.com/pulp/repos" alternatively you can simply set the ‘baseurl’ option in /etc/rhsm/rhsm.conf to “https://mycapsule.example.com/pulp/repos”.

Manually syncing your Capsules On Satellite 6 and Katello

Manually syncing your Capsules On Satellite 6 and Katello You can manually syncronize a Capsule using Hammer:  Execute the following command in you satellite o katello server to enter to hammer shell  #hammer shell  Provide you username of you katello or satellite and password After that please execute the following command: #hammer -u admin -p password capsule content synchronize --name mycapsule.example.com  to syncronize only a single Lifecycle Environment:  #hammer -u admin -p password capsule content synchronize –name=mycapsule.example.com –environment=Production Automatic syncing of Capsules Whenever new content is available within a Lifecycle Environment, whether that be from syncing, publishing a Content View, or promoting a Content View, a Capsule sync is initiated to sync that content to the Capsule. You can find these tasks under on the Monitor > Tasks page once one of those three actions have completed.

How to create activation key and add the subcription and host collection via command hammer for Satellite 6 and Katello

Login into you katello or satellite [root@satellite ~]# hammer shell [Foreman] username: admin [Foreman] password for admin: Welcome to the hammer interactive shell Type 'help' for usage information get the organization list ---|----------------------|----------------------|---------------------------------- ID | NAME                 | LABEL                | DESCRIPTION                      ---|----------------------|----------------------|---------------------------------- 1  | Default_Organization | Default_Organization | Default_Organization Organization ---|----------------------|----------------------|---------------------------------- Create the new activation key activation-key create --name test --organization-id 1 --unlimited-content-hosts Get the id for the new activation key hammer> activation-key list --organization-id 1 ---|------|----------|-----------------------|------------- ID | NAME | CONSUMED | LIFECYCLE ENVIRONMENT | CONTENT VIEW ---|------|-------

Docker Basic Commands

Show Version of Docker #docker version Remove all stopped containers. #docker docker rm $(docker ps -a -q) This will remove all stopped containers by getting a list of all containers with docker ps -a -q Remove all untagged images In the process of running docker you can accumulated several images that are not tagged. To remove these I use this command: #docker rmi $(docker images | grep "^<none>^" | awk "{print $3}") Search docker images from the docker hub #docker search <image name> Pull a docker images #docker pull <image name> Run a container #docker run <container image>  command  example: docker run fedora echo "hello world"

multipath -ll show different info that multipath -l with the same path

When i run a multipath -ll is show me the following: -bash-3.2# multipath -ll mpath99 (360060e80166c750000016c7500000e7c) dm-7 HITACHI,OPEN-V mpath29 (360060e80166d580000016d58000002f5) dm-8 HITACHI,OPEN-V [size=70G][features=1 queue_if_no_path][hwhandler=0][rw] \_ round-robin 0 [prio=1][active] \_ 3:0:2:0 sdag 66:0 [active][ready] \_ 5:0:2:0 sdbu 68:128 [active][ready] 68:32 [active][ready] When i run the command multipath -l in the mpath 29 that is a new lun show me only the following. -bash-3.2# multipath -l mpath29 mpath99 (360060e80166c750000016c7500000e7c) dm-7 HITACHI,OPEN-V [size=210G][features=1 queue_if_no_path][hwhandler=0][rw] \_ round-robin 0 [prio=0][active] \_ 3:0:1:0 sdaf 65:240 [active][undef] \_ 5:0:1:0 sdbt 68:112 [active][undef] This issue has been resolved by removing bindings file

Storage problems after changing Raid Controller on server

To resolve this, we will need to resume the lvm volumes that were manually suspended relocate the multipath bindings file from /var to /etc. mkdir /etc/multipath mv /var/lib/multipath/bindings /etc/multipath Edit /etc/multipath.conf and add the following to the defaults stanza: defaults { user_friendly_names yes bindings_file "/etc/multipath/bindings" }

how to create a SSL certificate with a kickstart on the installation.

One solution is use this script for generate a self-sign certificate and adapt the values to you necessities. %post cd /etc/ssl/certs #!/bin/bash domain=server.redhat.com <--Specify you hostname and domain commonname=$domain #Change to your company details <--- Change according with you company information. country=US state=Texas locality=Brownsville organization=example organizationalunit=data email=administrator@example.com #Optional password=password if [ -z "$domain" ] then echo "Argument not present." echo "Useage $0 [common name]" exit 99 fi echo "Generating key request for $domain" #Generate a key openssl genrsa -des3 -passout pass:$password -out $domain.key 2048 -noout #Remove passphrase from the key. Comment the line out to keep the passphrase echo "Removing passphrase from key" openssl rsa -in $domain.key -passin pass:$password -out $domain.key #Create the request echo "Creating CSR"

Satellite 6 or Katello : How to add Puppet Module repository from PuppetForge?

From the gui 1.- Content-->Products--> New Product 2.- Fill the Following: Name: PuppetForge Label: is automatic fill for you Save the information 3.-Select the new product created 4.- Choice the Tab Repositories and Press the button create a new repository 5.- Fill the following: Name : Puppet Forge Repo Label: Puppet_Forge_Repo Type: Puppet URL:https://forge.puppetlabs.com/ Publish via HTTP Save it 6.- Now with the new repository created just click the button sync now for start the syncronization of the repo Via command shell you need to make the following procedure: 1.- Connect to you satellite server via ssh #ssh root@satellite.example.com 2.- Run the following command to enter in hammer shell hammer --username <admin user of satellite> --password <password> 3.- Get the organization id that you want to create the new product hammer> organization list ID NAME LABEL DESCRIPTION 1 Default_Organization Default_Organiza

How disable IPv6 query in the DNS 

How disable IPv6 query in the DNS  In the /etc/named.conf add line: listen-on-v6 {"none";}; The listen-on-v6 option is used to specify the interfaces and the ports on which the server will listen for incoming queries sent using IPv6. default { any; }
How to convert .ps file to pdf file and protected by password You need to install ghostscript yum install ghostscript After install ghostscript run the following command: ps2pdf14 -dEncryptionR=3 -dKeylegth=128 -sOwnerPassword=mypassword -sUserPassword=mypassword input.ps output.pdf Also you can use the following if you want compatibility with old version of Adobe Reader ps2pdf12 - Convert PostScript to PDF 1.2 (Acrobat 3-and-later compatible) using ghostscript ps2pdf13 - Convert PostScript to PDF 1.3 (Acrobat 4-and-later compatible) using ghostscript ps2pdf14 - Convert PostScript to PDF 1.4 (Acrobat 5-and-later compatible) using ghostscript
Image
Why RHEV guests fails when booting via PXE + dnsmasq? Adding the following line to dnsmasq.conf resolves the issue dhcp-no-override Root Cause A potential issue may exist when trying to find the boot filename when using gPXE + dnsmasq. --dhcp-no-override (IPv4 only) Disable re-use of the DHCP servername and filename fields as extra option space. If it can, dnsmasq moves the boot server and filename information (from dhcp-boot) out of their dedicated fields into DHCP options. This make extra space avail‐ able in the DHCP packet for options but can, rarely, confuse old or broken clients. This flag forces "simple and safe" behaviour to avoid problems in such a case.
CIDR format table in Postfix doesn't work. Postfix supports CIDR tables but it is not required to run postmap command on /etc/postfix/network_table file. CIDR format is just a text format. It is not required to transform it to another format. To enable a CIDR table, create a file with the network enties which should be allowed or denied access to the mail server # cat /etc/postfix/network_table # Rule order matters. Put more specific whitelist entries # before more general blacklist entries. 127.0.0.0/8 OK 10.0.0.0/24 OK 192.168.0.0/24 OK 172.16.0.0/24 REJECT Add following lines in /etc/postfix/main.cf mynetworks = cidr:/etc/postfix/network_table smtpd_client_restrictions = cidr:/etc/postfix/network_tabl Restart postfix service # service postfix restart For more information on cidr_table consult the man page man cidr_table .
How to allow a "ICMP Echo Request" on the zone drop of firewalld As workaround you can try add into /etc/rc.local firewall-cmd --direct ipv4 -A IN_drop_allow -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT Because for the zone definition: drop   Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible. This zone not allow any connection for outside to inside for this reason is not allow to make any permanent rule only is allow to have runtime rules, but you can allow connection to specify service or protocol using the workaround for have services or protocol enable in a drop zone.

How to load manifest in Satellite 6 via Command Line?

How to load manifest in Satellite 6 via Command Line? 1.- Connect to your Satellite 6 server via ssh # ssh root@satellite.example.com  2.- Execute the hammer cli # hammer --username <username of satellite admin account> --password <password> shell  3.- Obtain List of Organizations #hammer organization list ID NAME LABEL DESCRIPTION 1 Default_Organization Default_Organization Default_Organization Organization 4.- Upload manifest to Satellite 6 Generate a new manifest with the self-service Satellite Certificate generation tool and upload the manifest file to you Satellite 6.0 5.- Now execute the following command to activate your manifest to Satellite 6.0 server #hammer>subscription upload --file /root/manifest.zip --organization-id 1 Where: file: is the location of you manifest. organization-id: The id of the organization you want to upload the manifest.

Error with katello-installer for enable IPA authentication 

# katello-installer --foreman-ipa-authentication true --foreman-configure-ipa-repo /bin/echo Get keytab && KRB5CCNAME=KEYRING:session:get-http-service-keytab kinit -k && KRB5CCNAME=KEYRING:session:get-http-service-keytab /usr/sbin/ipa-getkeytab  -s data.example.com -k /etc/httpd/conf/http.keytab -p HTTP/katello.example.com&& kdestroy -c  KEYRING:session:get-http-service-keytab returned 9 instead of one of [0] /Stage[main]/Foreman::Config/Exec[ipa-getkeytab]/returns: change from notrun to 0 failed:  /bin/echo Get keytab&& KRB5CCNAME=KEYRING:session:get-http-service-keytab kinit -k && KRB5CCNAME=KEYRING:session:get-http-service-keytab /usr/sbin/ipa-getkeytab -s data.example.com  -k /etc/httpd/conf/http.keytab -p HTTP/katello.example.com  && kdestroy -c KEYRING:session:get-http-service-keytab returned 9 instead of one of [0] /Stage[main]/Foreman::Config/Exec[ipa-getkeytab]: Failed to call refresh: /bin/echo Get \ keytab&&

How to authenticate Satellite web UI users using FreeIPA?

How to authenticate Satellite web UI users using FreeIPA? ⁠1.- Installing the IPA Client Install the client packages. These packages provide a simple way to configure the system as a client; they also install and configure SSSD. For a regular user system, this requires only the ipa-client package: ​[root@client ~]# yum install ipa-client 2.- If the IdM server is configured as the DNS server and is in the same domain as the client, add the server's IP address as the first entry in the list of name servers in the client's /etc/resolv.conf file. 3.- Run the client setup command. ​[root@client ~]# ipa-client-install --enable-dns-updates The --enable-dns-updates option updates DNS with the client machine's IP address. This option should only be used if the IdM server was installed with integrated DNS or if the DNS server on the network accepts DNS entry updates with the GSS-TSIG protocol. Options for ipa-client-install are listed in the ipa-client-install manpage

How Activate and Enable Repos via command line on Satellite 6.0

1. Connect to you server via ssh # ssh root@satellite.example.com 2.- Execute the hammer cli # hammer  --username <username of satellite admin account> --password  <password>  shell 3.- Obtain List of Organizations hammer> organization list ID | NAME                             | LABEL                            | DESCRIPTION     ---|--------------------------|-------------------------|------------------------------------------------------------------------------               1    | Default_Organization | Default_Organization | Default_Organization Organization 4.- Upload manifest to Satellite 6.0 Generate a new manifest with the self-service Satellite Certificate generation tool https://access.redhat.com/tools/satcert  and upload the manifest file to you Satellite 6.0 Now execute the following command for activate you manifest to Satellite 6.0 server hammer>subscription upload --file /root/manifest.zip --organization-id 1 Enable Repositories on