Posts

Showing posts from 2015

Could not parse for environment production: invalid byte sequence in UTF-8 at /root/celery.pp:1 (Puppet::Error) on Satellite 6

The following error appears when trying to generate a capsule certificate:

    # capsule-certs-generate --capsule-fqdn capsule01.test.internal --certs-tar /root/capsule01.test.internal-certs.tar
    /usr/share/ruby/vendor_ruby/puppet/parser/parser_support.rb:175:in `rescue in parse': Could not parse for environment production: invalid byte sequence in UTF-8 at /root/celery.pp:1 (Puppet::Error)
    from /usr/share/ruby/vendor_ruby/puppet/parser/parser_support.rb:166:in `parse'
    from /usr/share/ruby/vendor_ruby/puppet/node/environment.rb:536:in `block in perform_initial_import'
    from /usr/share/ruby/vendor_ruby/puppet/node/environment.rb:534:in `map'
    from /usr/share/ruby/vendor_ruby/puppet/node/environment.rb:534:in `perform_initial_import'
    from /usr/share/ruby/vendor_ruby/puppet/node/environment.rb:255:in `known_resource_types'
    from /usr/share/ruby/vendor_ruby/puppet/resource/type_collection_helper.rb:5:in `known_resource_types

How to remove a puppet module on Katello or Satellite 6

1.- Enter the hammer shell with the following command:

    # hammer -u admin -p <password> shell

2.- First we need to get our Organization ID with the following command:

    hammer> organization list
    ---|---------|---------|------------
    ID | NAME    | LABEL   | DESCRIPTION
    ---|---------|---------|------------
    1  | Example | Example |
    ---|---------|---------|------------

3.- We check the repositories to get the ID of our puppet repository:

    hammer> repository list --organization-id 1
    ---|------|----------------|--------------|----
    ID | NAME | PRODUCT        | CONTENT TYPE | URL
    ---|------|----------------|--------------|----
    16 | V1   | Puppet Modules | puppet       |
    ---|------|----------------|--------------|----

Setup dynamic DNS updates with Active Directory DNS to be used by Smart Proxy of Katello/Foreman

Both BIND as configured in FreeIPA and Microsoft AD DNS servers can accept DNS updates using GSS-TSIG authentication. This uses Kerberos principals to authenticate to the DNS server. Under Microsoft AD, this is known as "Secure Dynamic Update".

Pre-requisites

- Kerberos principal in the realm/domain that Smart Proxy can use
- Kerberos keytab for the above principal

Setup krb5.conf

    cat > /etc/krb5.conf << "EOF"
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
     default_realm = EXAMPLE.COM
     dns_lookup_realm = true
     dns_lookup_kdc = true
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
    [realms]
     EXAMPLE.COM = {
      kdc = dc01.example.com
      admin_server = dc01.example.com
     }
    [domain_realm]
     example.com = EXAMPLE.COM
     .example.com = EXAMPLE.COM
    EOF

Microsoft AD configuration

A user has to be created in Active Directory t

Sync Repos finishes with warning: hostname does not match the server certificate

This is happening because of the following:

    Actions::Katello::Repository::ErrataMail
    Input: {"repo"=>4, "last_updated"=>"2015-10-17 02:20:18 +1300", "locale"=>"en"}
    Output: {}
    Exception: OpenSSL::SSL::SSLError: hostname does not match the server certificate

As we can see, the sync of repos fails because the errata mail can't be sent. To resolve this issue we need to configure our email.yaml:

    # cat /etc/foreman/email.yaml
    # Outgoing email settings
    production:
      delivery_method: :smtp
      smtp_settings:
        address: smtp.example.com
        port: 25
        enable_starttls_auto: false   # add this to avoid connecting via TLS to the mail server if you don't need it
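An added check, not part of the original post: the error means the name configured in `address` is not one the mail server's certificate covers. The functions below test candidate names against a saved certificate, so `address` can be set to a matching name with STARTTLS left enabled. The function names are hypothetical and the sample certificate is constructed locally.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# cert_matches_host CERT_PEM HOSTNAME: succeeds when the certificate covers HOSTNAME.
# `openssl x509 -checkhost` reports the verdict in its output, so that text is matched.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# first_matching_name CERT_PEM NAME...: prints the first candidate name the
# certificate covers, i.e. the value to use for `address` in email.yaml.
first_matching_name() {
    local cert="$1" name
    shift
    for name in "$@"; do
        if cert_matches_host "$cert" "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# make_sample_cert DIR CN: writes DIR/cert.pem, a constructed self-signed
# certificate standing in for the one the mail server presents.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Against the real server, save its certificate first, for example:
#   openssl s_client -starttls smtp -connect smtp.example.com:25 </dev/null \
#       | openssl x509 > /tmp/smtp-cert.pem
#   first_matching_name /tmp/smtp-cert.pem smtp.example.com "$(hostname -f)"
```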

How to execute remote commands with Katello 2.3 and 2.4 on remote clients

This can be achieved by installing the following Foreman plugin: http://theforeman.org/plugins/foreman_remote_execution/0.0/

Start by installing the repository and EPEL7; see the Quickstart instructions and the Foreman manual for more information.

After it successfully finishes you'll have to manually install the plugins with the following command:

    yum install ruby193-rubygem-foreman_remote_execution rubygem-smart_proxy_remote_execution_ssh

Note: the plugin only works if your Satellite was installed on RHEL 7/CentOS 7 for Katello.

After that you are going to have job templates in the Hosts tab. Just create a new job template, for example a template that allows installing, removing and updating packages:

Name: Package Actions

    die() {
      echo "${1}, exiting..."
      exit $2
    }

    <% unless input("pre_script").blank? -%>
    # Pre Script
    <%= input("pre_script") %>
    RETVAL=$?
    [ $RETVAL -eq 0 ] || die "Pre script failed" $RETVAL
    <% end -%>

How to remove a kickstart distribution on Spacewalk 2.3 / Satellite 5.7

On Spacewalk or Satellite, follow these steps to delete kickstart distribution entries from the Satellite database:

    # spacewalk-sql -i

To get the id of the distribution:

    rhnschema=# select id,label from rhnKickstartableTree;

To remove the distribution:

    rhnschema=# delete from rhnKickstartableTree where ID=<kickstart_id>;

Quit from the sql:

    rhnschema=# \q

How to remove files or directories with names that contain spaces and special characters such as -, --, @, <> etc

Remove file by an inode number

The -i option to ls displays the index number (inode) of each file:

    ls -li

Use the find command as follows to delete the file if the file has inode number 4063242:

    $ find . -inum 4063242 -delete

OR

    $ find . -inum 4063242 -exec rm -i {} \;

Product content on Activation Key does not show anything, it just shows Loading on Katello

This is a bug that's already known, and the fix is to update ruby193-rubygem-rabl.

For RHEL 6: http://koji.katello.org/koji/buildinfo?buildID=23400
For RHEL 7: http://koji.katello.org/koji/buildinfo?buildID=23401

After the update, just restart the Apache server.

For RHEL 6:

    # service httpd restart

For RHEL 7:

    # systemctl restart httpd

Export from Spacewalk to Katello Configuration and Channels

Spacewalk

Log in to your Spacewalk server via ssh.

1.- Export the Spacewalk data with the following command:

    # spacewalk-export --export-dir=/export

2.- Import the data into the /tmp of Katello and uncompress it:

    # tar xf spacewalk_export.tar.gz

Get hammer cli to import the data into Katello:

    wget https://github.com/Katello/hammer-cli-import/archive/master.zip
    mkdir hammer
    mv master.zip hammer/
    cd hammer/
    unzip master.zip
    cd hammer-cli-import-master/
    mkdir ~/.hammer
    cat >> ~/.hammer/cli_config.yml << EOF
    :modules:
    - hammer_cli_import
    EOF
    cd hammer/hammer-cli-import-master/
    env RUBYOPT=-Ilib hammer import all --directory=/tmp/exports

Resign Spacewalk Certificate

1.- First verify whether the current certificate has already expired:

    # spacewalk-sql -i <<< 'select expires from rhnsatellitecert where created=(select max(created) from rhnsatellitecert);'
            expires
    ------------------------
     2015-07-13 00:00:00+12
    (1 row)

2.- If the certificate has already expired, run the following command to resign the certificate:

    # rhn-satellite-activate --rhn-cert /usr/share/spacewalk/setup/spacewalk-public.cert --disconnected

3.- Check the certificate expiry date again:

    # spacewalk-sql -i <<< 'select expires from rhnsatellitecert where created=(select max(created) from rhnsatellitecert);'
            expires
    ------------------------
     2018-07-13 00:00:00+12
    (1 row)

All done

How to clean all the Foreman tasks and locked tasks

1.- First su to the postgres user:

    su -s /bin/bash - postgres

2.- Execute psql:

    psql

3.- Connect to the foreman database:

    \c foreman;

4.- Delete all the foreman tasks and foreman task locks:

    delete from foreman_tasks_tasks;
    delete from foreman_tasks_locks;

5.- Quit from postgres and exit:

    \q
    exit

6.- Restart all the services:

    for s in {qpidd,pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo service $s restart; done

Update: in today's Foreman you can clean the tasks using the following command:

    foreman-rake foreman_tasks:cleanup

Migration Script from Winbind to SSSD

    #!/bin/bash
    echo Disable winbind
    authconfig --disablewinbindauth --disablewinbind --disablekrb5 --updateall
    service winbind stop
    chkconfig winbind off
    echo Setup Kerberos
    rm -f /etc/krb5.conf
    cat > /etc/krb5.conf << "EOF"
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
     default_realm = EXAMPLE.COM
     dns_lookup_realm = true
     dns_lookup_kdc = true
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
    [realms]
     EXAMPLE.COM = {
      kdc = ad.example.com
      admin_server = ad.example.com
     }
    [domain_realm]
     example.com = EXAMPLE.COM
     .example.com = EXAMPLE.COM
    EOF
    echo Samba Setup
    rm -f /etc/samba/smb.conf
    cat > /etc/samba/smb.conf << "EOF"
    [global]
            workgroup = EXAMPLE
            server string = Samba Server Version %v
    # Max Log Size let you specify the max size log

Postgresql BDR Setup

    yum install http://packages.2ndquadrant.com/postgresql-bdr94-2ndquadrant/yum-repo-rpms/postgresql-bdr94-2ndquadrant-redhat-1.0-2.noarch.rpm
    yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
    yum update
    yum install postgresql-bdr94-bdr

Initialize Node1 and 2 database

    /usr/pgsql-9.4/bin/postgresql94-setup initdb

Setup postgresql.conf and hba

node 1

/var/lib/pgsql/9.4-bdr/data/postgresql.conf

    listen_addresses = '*'
    port = 5598
    shared_preload_libraries = 'bdr'
    wal_level = 'logical'
    track_commit_timestamp = on
    max_connections = 100
    max_wal_senders = 10
    max_replication_slots = 10
    # Make sure there are enough background worker slots for BDR to run
    max_worker_processes = 10
    # These aren't required, but are useful for diagnosing problems
    #log_error_verbosity = verbose
    #log_min_messages = debug1
    #log_line_prefix = 'd=%d p=%p a

Script to ask Network configuration via kickstart

    %pre
    #!/bin/bash
    # Prompt on the first console for each network value
    echo -n "Enter FQDN Hostname: " > /dev/tty1
    read HOSTN
    echo -n "Enter IP Address:" > /dev/tty1
    read IP
    echo -n "Enter the Netmask:" > /dev/tty1
    read MASK
    echo -n "Enter Gateway:" > /dev/tty1
    read GW
    echo -n "Enter Nameserver:" > /dev/tty1
    read DNS
    # Write the kickstart network line built from the answers
    echo "network --device eth0 --bootproto=static --ip=${IP} --netmask=${MASK} --gateway=${GW} --nameserver=${DNS} --hostname=${HOSTN}" > /tmp/network.txt

    %post --nochroot
    #!/bin/bash
    # bring in hostname collected from %pre, then source it
    ######
    cp -Rvf /etc/sysconfig/network /mnt/sysimage/etc/sysconfig/network
    cp -Rvf /etc/sysconfig/resolv.conf /mnt/sysimage/etc/resolv.conf
    # Set-up eth0 with hostname
    cp /etc/sysconfig/network-scripts/ifcfg-eth0 /mnt/sysimage/etc/sysconfig/network-scripts/ifcfg-eth0
    # force hostname change
    /mnt/sysimage/bin/hostname $HOSTNAME
    rhn-profile-sync
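The %pre script above writes whatever is typed at the console straight into the `network` line. The following added example, which is not part of the original post, validates each value first and refuses to build the line when one is malformed. The function names are hypothetical and the addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# valid_ipv4 ADDR: four dot-separated octets 0-255; leading zeros are rejected
# because some tools read them as octal.
valid_ipv4() {
    local octet IFS=.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_netmask MASK: a valid address whose set bits are contiguous from the left.
valid_netmask() {
    local n inv IFS=.
    valid_ipv4 "$1" || return 1
    set -- $1
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( ~$n & 0xFFFFFFFF ))
    [ "$n" -ne 0 ] && [ $(( $inv & ($inv + 1) )) -eq 0 ]
}

# valid_fqdn NAME: at least two labels made of letters, digits and inner hyphens.
valid_fqdn() {
    local label IFS=.
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; *.*) ;; *) return 1 ;; esac
    [ ${#1} -le 253 ] || return 1
    for label in $1; do
        case $label in -*|*-) return 1 ;; esac
        [ ${#label} -le 63 ] || return 1
    done
}

# network_line HOSTN IP MASK GW DNS: prints the kickstart line, or fails naming the bad field.
network_line() {
    valid_fqdn "$1"    || { echo "invalid hostname: $1" >&2; return 1; }
    valid_ipv4 "$2"    || { echo "invalid IP address: $2" >&2; return 1; }
    valid_netmask "$3" || { echo "invalid netmask: $3" >&2; return 1; }
    valid_ipv4 "$4"    || { echo "invalid gateway: $4" >&2; return 1; }
    valid_ipv4 "$5"    || { echo "invalid nameserver: $5" >&2; return 1; }
    echo "network --device eth0 --bootproto=static --ip=$2 --netmask=$3 --gateway=$4 --nameserver=$5 --hostname=$1"
}
# In %pre: network_line "$HOSTN" "$IP" "$MASK" "$GW" "$DNS" > /tmp/network.txt
```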

Kickstart script to join Linux machine to FreeIPA

First create the host on the IPA server and provide a one-time password; in this example the password is "secret".

    # Get the hostname to set as the host principal
    chvt 3
    exec </dev/tty3> /dev/tty3
    clear
    /bin/hostname > /tmp/hostname.txt
    # Run the client install script
    echo Installing IPA Client
    sleep 5
    /usr/sbin/ipa-client-install --domain=ipdomain.example.com --enable-dns-updates --mkhomedir -w secret --realm=IPADOMAIN.EXAMPLE.COM --server=server01.ipdomain.example.com --unattended
    rm -f /etc/krb5.conf
    cat > /etc/krb5.conf << "EOF"
    includedir /var/lib/sss/pubconf/krb5.include.d/
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
     default_realm = IPADOMAIN.EXAMPLE.COM
     dns_lookup_realm = false
     dns_lookup_kdc = true
     rdns = false
     ticket_lifetime = 24h
     forwardable = yes
     udp_preference_limit = 0
     default_ccach

Installation Script for Splunk

    #!/bin/bash
    echo "Splunk Installation"
    yum install splunk<version> -y --nogpgcheck
    usermod -G <group that splunk is going to join> splunk
    /opt/splunkforwarder/bin/splunk enable boot-start -user splunk --accept-license
    su splunk -c "/opt/splunkforwarder/bin/splunk add forward-server splunk.example.com:9997"
    su splunk -c "/opt/splunkforwarder/bin/splunk edit user admin -password password -auth admin:password"
    su splunk -c "/opt/splunkforwarder/bin/splunk start"
    # Monitor the logs directory of every first-level directory under /var/point.
    # $env is not set in this script; it has to be set to the target index beforehand.
    for dir in $(find /var/point -mindepth 1 -maxdepth 1 -type d)
    do
        su splunk -c "/opt/splunkforwarder/bin/splunk add monitor $dir/logs -index $env -sourcetype $(basename $dir)"
    done
    chkconfig splunk on
    echo "Installation complete"

Hardening Script

    #!/bin/bash
    # set_parameter FILE KEY VALUE: rewrite the line starting with KEY, or append KEY+VALUE if none exists
    function set_parameter {
        sed -i -e "s|^$2.*|$2$3|" "$1"
        grep -E "^$2" "$1" > /dev/null || echo "$2$3" >> "$1"
    }
    #---------------------------------------------------------------------------------------------------------------
    # add_line FILE LINE: append LINE unless a line starting with it is already present
    function add_line {
        grep -E "^$2" "$1" > /dev/null || echo "$2" >> "$1"
    }
    #---------------------------------------------------------------------------------------------------------------
    echo '# This file contains the auditctl rules that are loaded
    # whenever the audit daemon is started via the initscripts.
    # The rules are simply the parameters that would be passed
    # to auditctl.
    # First rule - delete all
    -D
    # Increase the buffers to survive stress events.
    # Make this bigger for busy systems
    -b 8192
    # Feel free to add below this line. See auditctl man page
    -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k timechange