Monday 30 November 2015

Unknown filesystem type 'LVM2_member' - Debian

So you are working with LVM volumes, specifically LVM volumes that contain complete filesystems (i.e. virtual hard disks), and you get the error "unknown filesystem type 'LVM2_member'" when you try to mount the volume. This error occurs because the partition contains multiple LVM parts (i.e. members). The way to mount these volumes is to extract the partition, attach it as a loop device, and then use the pvs/lvs and vgchange commands to activate the LVM and mount it. Consider my LVM volume that exists on a Xen/Ganeti host:
# gnt-instance info migrate.isys

[cut]

  Disk template: plain
  Disks:
    - disk 0: lvm, size 10.0G
      access mode: rw
      logical_id:  volg1/50c29778-490a-4686-8a42-569d8b55f40c.disk0_data
      on primary:  /dev/volg1/50c29778-490a-4686-8a42-569d8b55f40c.disk0_data (254:66)
[cut]
Use kpartx to separate the partitions of the volume:
# kpartx -a -p- /dev/volg1/50c29778-490a-4686-8a42-569d8b55f40c.disk0_data
# ls -la /dev/mapper/volg1-50c29778*
lrwxrwxrwx 1 root root 8 Nov 30 14:46 /dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data -> ../dm-66
lrwxrwxrwx 1 root root 8 Nov 30 15:30 /dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data-1 -> ../dm-79
lrwxrwxrwx 1 root root 8 Nov 30 15:30 /dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data-2 -> ../dm-80
Let's mount the first partition: /dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data-1
# mount /dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data-1 /mnt

# ls -la /mnt
total 34110
dr-xr-xr-x.  5 root root     1024 Nov 23 13:28 .
drwxr-xr-x  23 root root     4096 May 11  2015 ..
-rw-r--r--.  1 root root   107134 Jul 23 17:13 config-2.6.32-573.el6.x86_64
drwxr-xr-x.  3 root root     1024 Nov 23 13:27 efi
drwxr-xr-x.  2 root root     1024 Nov 23 13:29 grub
-rw-------.  1 root root 27635640 Nov 23 13:29 initramfs-2.6.32-573.el6.x86_64.img
drwx------.  2 root root    12288 Nov 23 13:25 lost+found
-rw-r--r--.  1 root root   205998 Jul 23 17:14 symvers-2.6.32-573.el6.x86_64.gz
-rw-r--r--.  1 root root  2585052 Jul 23 17:13 System.map-2.6.32-573.el6.x86_64
-rwxr-xr-x.  1 root root  4220560 Jul 23 17:13 vmlinuz-2.6.32-573.el6.x86_64
-rw-r--r--.  1 root root      166 Jul 23 17:13 .vmlinuz-2.6.32-573.el6.x86_64.hmac
Looks like it's the /boot partition. Fine, the rest of my disk is on the second partition, so let's mount that:
# mount /dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data-2 /mnt
mount: unknown filesystem type 'LVM2_member'
Uh-oh, cannot mount: unknown filesystem type 'LVM2_member'. So the second partition must be made up of more than one LVM member. Let's make an image of it and mount it as a loopback device to see what is inside.
# dd if=/dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data-2 of=/var/tmp/partition2.dd bs=1M
10039+0 records in
10039+0 records out
10526654464 bytes (11 GB) copied, 174.754 s, 60.2 MB/s

# file partition2.dd
partition2.dd: LVM2 PV (Linux Logical Volume Manager), UUID: NydiFK-CaAX-PWcz-I0pY-EpAk-4ViC-pIGpf0, size: 10526654464
# losetup /dev/loop0 partition2.dd
# pvs
  PV         VG          Fmt  Attr PSize  PFree
  /dev/loop0 volg0       lvm2 a--   9.78g 992.00m
  /dev/sda5  SYSTEM      lvm2 a--  79.76g  55.55g
  /dev/sdb1  volg1       lvm2 a--   1.97t   1.96t
# lvs
  LV   VG          Attr     LSize  Pool Origin Data%  Move Log Copy%  Convert
  HOME SYSTEM -wi-ao--  3.72g
  ROOT SYSTEM -wi-ao--  7.45g
  SWAP SYSTEM -wi-ao--  3.72g
  TMP  SYSTEM -wi-ao--  1.86g
  VAR  SYSTEM -wi-ao--  7.45g
  root volg0       -wi-----  7.81g
  swap volg0       -wi-----  1.00g
Hey look! It's made up of a root and a swap member! If you want to mount these, you can now run the vgchange command to activate them:
# vgchange -ay volg0
  2 logical volume(s) in volume group "volg0" now active

# lvdisplay

[snip]

  --- Logical volume ---
  LV Path                /dev/volg0/root
  LV Name                root
  VG Name                volg0
  LV UUID                dAoIl6-WR4G-Z0d1-9Cgg-hevk-oSaf-7TTeGv
  LV Write Access        read/write
  LV Creation host, time migrate.isys.bris.ac.uk, 2015-11-23 13:25:26 +0000
  LV Status              available
  # open                 0
  LV Size                7.81 GiB
  Current LE             250
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:5

  --- Logical volume ---
  LV Path                /dev/volg0/swap
  LV Name                swap
  VG Name                volg0
  LV UUID                L0haeP-jWyr-Gij9-sAhA-8mk6-VGS0-M42Gyl
  LV Write Access        read/write
  LV Creation host, time migrate.isys.bris.ac.uk, 2015-11-23 13:25:30 +0000
  LV Status              available
  # open                 0
  LV Size                1.00 GiB
  Current LE             32
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:6

# mount /dev/volg0/root /mnt
# ls /mnt
bin  boot  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var
And there you are, you have access to your root data! Copy it, move it, do anything you want, then clean up by reversing the actions:
# umount /mnt
# vgchange -an volg0
  0 logical volume(s) in volume group "volg0" now active
# losetup -d /dev/loop0
# kpartx -d -p- /dev/volg1/50c29778-490a-4686-8a42-569d8b55f40c.disk0_data
# ls -la /dev/mapper/volg1-50c29778*
lrwxrwxrwx 1 root root 8 Nov 30 14:46 /dev/mapper/volg1-50c29778--490a--4686--8a42--569d8b55f40c.disk0_data -> ../dm-66
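
Why mount reports 'LVM2_member': the partition starts with an LVM2 physical-volume label instead of a filesystem superblock. The following Python script is an added example, not part of the original post; it reads that label from the first four sectors of an image or device and prints the same UUID and size that file reported for partition2.dd. The sample image it builds is constructed, and the label CRC is not checked.

```python
import struct
import sys

SECTOR = 512
LABEL_SCAN_SECTORS = 4                  # the label lives in one of the first four sectors
LABEL_HDR = struct.Struct("<8sQII8s")   # id, sector number, crc, offset to PV header, type
PV_HDR = struct.Struct("<32sQ")         # PV UUID (32 ASCII chars), device size in bytes


def format_uuid(raw):
    """Group the 32-character on-disk UUID the way pvs and file print it (6-4-4-4-4-4-6)."""
    text = raw.decode("ascii")
    cuts = (0, 6, 10, 14, 18, 22, 26, 32)
    return "-".join(text[a:b] for a, b in zip(cuts, cuts[1:]))


def read_pv_label(data):
    """Return sector, UUID and size of the LVM2 PV label in data, or None if there is none.

    The label CRC is not verified here.
    """
    for n in range(LABEL_SCAN_SECTORS):
        sector = data[n * SECTOR:(n + 1) * SECTOR]
        if len(sector) < SECTOR:
            break                                   # image shorter than the scan area
        magic, sector_no, _crc, offset, kind = LABEL_HDR.unpack_from(sector)
        if magic != b"LABELONE" or kind != b"LVM2 001":
            continue
        if sector_no != n or offset + PV_HDR.size > SECTOR:
            continue                                # stale or damaged label
        raw_uuid, size = PV_HDR.unpack_from(sector, offset)
        try:
            uuid = format_uuid(raw_uuid)
        except UnicodeDecodeError:
            continue
        return {"sector": n, "uuid": uuid, "size": size}
    return None


def build_sample_pv_image():
    """Constructed sample: four sectors with a PV label in sector 1.

    UUID and size are the ones file printed for partition2.dd in the post;
    the CRC field is left at zero because read_pv_label does not check it.
    """
    label = LABEL_HDR.pack(b"LABELONE", 1, 0, LABEL_HDR.size, b"LVM2 001")
    pv = PV_HDR.pack(b"NydiFKCaAXPWczI0pYEpAk4ViCpIGpf0", 10526654464)
    sector1 = (label + pv).ljust(SECTOR, b"\0")
    return bytes(SECTOR) + sector1 + bytes(2 * SECTOR)


def inspect(path):
    """Read only the scan area of a device or image file and parse it."""
    with open(path, "rb") as handle:
        return read_pv_label(handle.read(LABEL_SCAN_SECTORS * SECTOR))


if __name__ == "__main__":
    # With a path argument, inspect that image; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        info = inspect(sys.argv[1])
    else:
        info = read_pv_label(build_sample_pv_image())
    if info is None:
        print("no LVM2 PV label in the first four sectors")
    else:
        print("LVM2 PV, UUID: {uuid}, size: {size} (label in sector {sector})".format(**info))
```

Run it with the image path as its only argument (for example /var/tmp/partition2.dd) before attaching the image with losetup; it needs read access only.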

Wednesday 25 November 2015

Puppet Error: Error 400 on SERVER: Error from DataBinding 'hiera' while looking up 'puppet_enterprise::certificate_authority_port': (): could not found expected ':'

If you get this Puppet error when running puppet agent -t on your client:
Error 400 on SERVER: Error from DataBinding 'hiera' while looking up 'puppet_enterprise::certificate_authority_port': (): could not found expected ':'
it means that there is a syntax error in your Hiera YAML file.

Friday 20 November 2015

How to extend root partition in LVM

Follow these instructions! https://rbgeek.wordpress.com/2013/01/27/how-to-extend-the-root-partition-in-lvm/

Wednesday 18 November 2015

Fix grub boot loader - Debian 7

Boot from CDROM, choose Rescue Mode and Advanced options. When prompted, request a shell on the root partition. With the grub tools (apt-get install grub if the tools are missing), run:
grub-mkdevicemap
grub-install /dev/sda
update-grub
Reboot

Thursday 12 November 2015

Start service at boot (autostart) - CentOS 6

chkconfig is the command. For example, to auto-start Apache at boot:
chkconfig httpd on

Wednesday 11 November 2015

Fixing deleted /var/run link and restoring SELinux permissions - CentOS 7

So some idiot with sudo permissions deleted the symlink /var/run. To restore it, log on to another system and find out the permissions of this link:
# ls -ld /var/run
lrwxrwxrwx. 1 root root 6 Feb 25  2015 /var/run -> ../run
# ls -Z /var/run
lrwxrwxrwx. root root system_u:object_r:var_run_t:s0   /var/run -> ../run
#
Log on to the broken system as root and do the following:
# cd /var
# ln -s ../run run
# chcon -h system_u:object_r:var_run_t:s0 run
# ls -Z run
lrwxrwxrwx. root root system_u:object_r:var_run_t:s0   /var/run -> ../run

Monday 26 October 2015

Kerberos Keytab Error - CentOS 6

Oct 22 21:10:38 server sshd[52210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=server.domain.com  user=st14988
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: error reading keytab 'FILE:/etc/krb5.keytab'
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: TGT verified
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: authentication succeeds for 'abc' (abc@server.domain.com)
Oct 22 21:10:38 server sshd[52210]: pam_unix(sshd:session): session opened for user abc by (uid=0)
To disable keytab validation and hence suppress these log messages, add the no_validate option to your PAM settings.
auth        sufficient    pam_krb5.so use_first_pass no_validate
On my CentOS 6 servers, these are in the following files:
/etc/pam.d/password-auth-ac
/etc/pam.d/system-auth-ac
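
The no_validate option switches off pam_krb5's check of the TGT against the host keytab, so it helps to know exactly which PAM rules carry it. The following Python script is an added example, not part of the original post: it parses PAM configuration text and reports every pam_krb5.so rule and whether no_validate is set. The sample configuration is constructed for illustration; the two file paths are the ones named above.

```python
import os
import re

# type, control (simple word or [bracketed list]), module path, remaining arguments
PAM_RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample in the style of /etc/pam.d/system-auth-ac; only the
# auth line with no_validate is taken from the post.
SAMPLE_SYSTEM_AUTH = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_krb5.so use_first_pass no_validate
#auth       sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
password    sufficient    /lib64/security/pam_krb5.so \\
                          use_authtok
session     optional      pam_krb5.so
"""


def parse_pam(text):
    """Yield (line number, type, control, module, [args]) for each rule.

    Comments are dropped and lines ending in a backslash are joined with the
    next line; the reported line number is where the rule starts.
    """
    pending, start = "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not pending:
            start = lineno
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line, pending = (pending + line).strip(), ""
        match = PAM_RULE.match(line)
        if match:
            ptype, control, module, args = match.groups()
            yield start, ptype.lstrip("-"), control, module, args.split()


def krb5_rules(text):
    """Return one entry per pam_krb5.so rule, noting whether no_validate is set."""
    rules = []
    for lineno, ptype, control, module, args in parse_pam(text):
        if os.path.basename(module) != "pam_krb5.so":
            continue
        rules.append({
            "line": lineno,
            "type": ptype,
            "control": control,
            "no_validate": "no_validate" in args,
        })
    return rules


def audit_files(paths):
    """Run krb5_rules over each readable file; unreadable or missing files are skipped."""
    report = {}
    for path in paths:
        try:
            with open(path) as handle:
                report[path] = krb5_rules(handle.read())
        except OSError:
            continue
    return report


if __name__ == "__main__":
    files = ["/etc/pam.d/password-auth-ac", "/etc/pam.d/system-auth-ac"]
    found = audit_files(files) or {"(constructed sample)": krb5_rules(SAMPLE_SYSTEM_AUTH)}
    for path, rules in found.items():
        for rule in rules:
            state = "no_validate SET" if rule["no_validate"] else "no_validate not set"
            print("{}:{} {} {} -> {}".format(path, rule["line"], rule["type"], rule["control"], state))
```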

Friday 25 September 2015

RedHat Channel Subscription

To list all available channels:
[root@ ~]# rhn-channel -L  --user=rhn_user --password=rhn_password
To subscribe to a channel (e.g. optional):
[root@ ~]# rhn-channel --add --channel=rhel-x86_64-server-optional-6 --user=rhn_user --password=rhn_password
To list subscribed channels:
[root@ ~]# rhn-channel -l
rhel-x86_64-server-6
rhel-x86_64-server-optional-6
To register to RHN (do this first!), you can register and subscribe in one step:
[root@ ~]# subscription-manager register --username rhn_user --password rhn_password --auto-attach
This is the old way, or when using a satellite server:
[root@ ~]# rhn_register

Monday 27 July 2015

Remove node from Puppet Enterprise system

On the PE master:
[root@pe-master ~]# puppet cert clean node.domain.com
Notice: Revoked certificate with serial 34
Notice: Removing file Puppet::SSL::Certificate node.domain.com at '/etc/puppetlabs/puppet/ssl/ca/signed/node.domain.com
Notice: Removing file Puppet::SSL::Certificate node.domain.com at '/etc/puppetlabs/puppet/ssl/certs/node.domain.com

[root@pe-master ~]# puppet node deactivate node.domain.com
Submitted 'deactivate node' for node.domain.com with UUID 1d6c7992-d4cf-4659-91e2-23c751afacc2

[root@pe-master ~]# puppet cert revoke node.domain.com
Notice: Revoked certificate with serial 34
Restart PE:
service pe-puppet restart
On the client:
[root@pe-client ~]# find /etc/puppetlabs/puppet/ssl -name node.domain.com -delete

Thursday 23 July 2015

Firewall Commands on CentOS 7

Open a firewall port
firewall-cmd --zone=public --add-port=4407/tcp --permanent
firewall-cmd --reload

Show opened ports
firewall-cmd --zone=public --list-ports

List connected services
firewall-cmd --zone=public --list-services

Monday 13 July 2015

Find out whether an NIC is connected and has link

root@host ~
$ ip link show dev eth0
3: eth0:  mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
    link/ether 00:xx:xx:xx:xx:ef brd ff:ff:ff:ff:ff:ff
root@host ~
$ ip link show dev eth1
2: eth1:  mtu 1500 qdisc pfifo_fast master bond1 state DOWN qlen 1000
    link/ether 00:xx:xx:xx:xx:ed brd ff:ff:ff:ff:ff:ff
root@nost ~

Friday 19 June 2015

When a process shows uid number instead of user name

When a process appears with the uid number instead of the username, it is because the username is more than 8 characters long:
[root@ pe-activemq]# ps -ef|grep active
497       2578     1  0 12:44 ?        00:00:27 /opt/puppet/lib/jvm/pe-java/jre/bin/java -Xms512m -Xmx512m -Djava.util.logging.config.file=logging.properties -Dhawtio.realm=activemq -Dhawtio.role=admins -Dhawtio.rolePrincipalClasses=org.apache.activemq.jaas.GroupPrincipal -Djava.security.auth.login.config=/etc/puppetlabs/activemq/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/opt/puppet/share/activemq/tmp -Dactivemq.classpath=/etc/puppetlabs/activemq; -Dactivemq.home=/opt/puppet/share/activemq -Dactivemq.base=/opt/puppet/share/activemq -Dactivemq.conf=/etc/puppetlabs/activemq -Dactivemq.data=/opt/puppet/share/activemq/data -jar /opt/puppet/share/activemq/bin/activemq.jar start
root     16591  7586  0 13:30 pts/0    00:00:00 grep active
Use the command option -o to show the full name:
[root@ pe-activemq]# ps -e -o "user:16,pid,ppid,c,stime,tty,time,command"|grep active
pe-activemq       2578     1  0 12:44 ?        00:00:28 /opt/puppet/lib/jvm/pe-java/jre/bin/java -Xms512m -Xmx512m -Djava.util.logging.config.file=logging.properties -Dhawtio.realm=activemq -Dhawtio.role=admins -Dhawtio.rolePrincipalClasses=org.apache.activemq.jaas.GroupPrincipal -Djava.security.auth.login.config=/etc/puppetlabs/activemq/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/opt/puppet/share/activemq/tmp -Dactivemq.classpath=/etc/puppetlabs/activemq; -Dactivemq.home=/opt/puppet/share/activemq -Dactivemq.base=/opt/puppet/share/activemq -Dactivemq.conf=/etc/puppetlabs/activemq -Dactivemq.data=/opt/puppet/share/activemq/data -jar /opt/puppet/share/activemq/bin/activemq.jar start
root             17623  7586  0 13:37 pts/0    00:00:00 grep active
root             17391 grep active

Tuesday 9 June 2015

Add CDROM as local yum repo - CentOS 7

Mount the CD/DVD ROM on any directory you wish; for testing, mount it on /cdrom.
# mkdir /cdrom
# mount /dev/cdrom /cdrom
Configuration file: create the new repo file called local.repo under the /etc/yum.repos.d directory.
# vi /etc/yum.repos.d/local.repo
Add the following details.
[LocalRepo]
name=Local Repository
baseurl=file:///cdrom
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Thursday 28 May 2015

Regenerate authorized_keys file in GitLab

sudo gitlab-rake gitlab:shell:setup
To check your GitLab for issues:
sudo gitlab-rake gitlab:check RAILS_ENV=production

Tuesday 26 May 2015

Disk Usage - What's eating my disk space Perl script

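#!/usr/bin/perl
# Follow the largest entry down a directory tree. At each level, print the
# ten biggest entries (sizes in KB from "du -sk") and their share of the total.
use strict;
use warnings;

my $path = @ARGV ? $ARGV[0] : ".";
chdir $path or die "cannot change to [ $path ]\n";
$path =~ s{/*$}{/};    # printed path always ends in a single slash

while (1) {
    print "$path\n";

    # Per-level state, reset on every pass so percentages are per directory.
    my ($sum, $remsum, $counter) = (0, 0, 0);
    my @entries;

    # "--" stops a file name that starts with "-" from being read as an option.
    open(my $du, "-|", "du -sk -- * 2>/dev/null")
        or die "cannot open du program and pipe";
    while (my $line = <$du>) {
        chomp $line;
        # du separates size and name with a tab; split into two fields only,
        # so names containing spaces survive.
        my ($size, $inode) = split /\t/, $line, 2;
        next unless defined $inode;
        $inode .= "/" if -d $inode;
        $sum += $size;
        push @entries, { size => $size, inode => $inode };
    }
    close $du;

    @entries = sort { $b->{size} <=> $a->{size} } @entries;

    foreach my $e (@entries) {
        if ($counter < 10) {
            # Guard against a level where every entry has size 0.
            my $percent = $sum ? $e->{size} / $sum * 100 : 0;
            printf("%30s | %5d | %5.2f%%\n", $e->{inode}, $e->{size}, $percent);
        }
        else {
            # Everything past the top ten is lumped together.
            $remsum += $e->{size};
        }
        $counter++;
    }

    if ($remsum > 0) {
        printf("%30s | %5d | %5.2f%%\n", "files", $remsum, $remsum / $sum * 100);
    }

    # Descend only when the largest entry is a directory (marked with "/").
    if (@entries && $entries[0]{inode} =~ m{/$}) {
        chdir $entries[0]{inode}
            or die "cannot change to [ $path$entries[0]{inode} ]\n";
        $path .= $entries[0]{inode};
    }
    else {
        print "No more!\n";
        last;
    }
}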

Wednesday 20 May 2015

Port Bonding and VLAN - CentOS 6

Create the file /etc/modprobe.d/bonding.conf, add the following lines:
alias bond0 bonding
options bond0 mode=1 miimon=100
Create the bond file /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes
BONDING_OPTS="miimon=100 mode=1"
TYPE=Unknown
IPV6INIT=no
Create the VLAN bond file /etc/sysconfig/network-scripts/ifcfg-bond0.35
DEVICE=bond0.35
BOOTPROTO=none
TYPE=Ethernet
ONBOOT=yes
VLAN=yes
NM_CONTROLLED=no
IPADDR=x.x.35.13
PREFIX=24
GATEWAY=x.x.35.250
USERCTL=no
Edit the interface files ifcfg-em1 and ifcfg-em2:
DEVICE="em1"
BOOTPROTO="none"
HWADDR="xx:xx:xx:xx:xx:7A"
IPV6INIT="yes"
MTU="1500"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
UUID="90e968f4-xxxx-xxxx-xxxx-0a188c6cc9e8"
MASTER=bond0
SLAVE=yes
USERCTL=no
--------------------------------------------------------------------------
DEVICE=em2
HWADDR=xx:xx:xx:xx:xx:7C
TYPE=Ethernet
UUID=4bc7043a-xxxx-xxxx-xxxx-cd5f6f04e0f7
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no

Thursday 30 April 2015

Foreman-Proxy SSL Error

Oops, we're sorry but something went wrong
Warning!

ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert un...) for proxy https://foreman.domain.net:8443/puppet/ca
If you feel this is an error with Foreman itself, please open a new issue with Foreman ticketing system, You would probably need to attach the Full trace and relevant log entries.


Reset Foreman Admin Login Password

As super-user, on the command line, run:
foreman-rake permissions:reset

Tuesday 28 April 2015

Add http/https access to iptables - CentOS 6

Edit iptables:
vi /etc/sysconfig/iptables
Add the following lines:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Restart iptables:
service iptables restart

Tuesday 10 March 2015

Installing Hyper-V Daemons on CentOS 7

[root@its-webmon ~]# yum search hyperv
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.coreix.net
 * epel: mirror.vorboss.net
 * extras: mirror.ox.ac.uk
 * updates: mirror.ox.ac.uk
============================= N/S matched: hyperv ==============================
hyperv-daemons.x86_64 : HyperV daemons suite
hyperv-daemons-license.noarch : License of the HyperV daemons suite
hypervkvpd.x86_64 : HyperV key value pair (KVP) daemon
hypervvssd.x86_64 : HyperV VSS daemon
perl-Sys-Virt.x86_64 : Represent and manage a libvirt hypervisor connection

  Name and summary matches only, use "search all" for everything.
[root@its-webmon ~]# yum install hyperv-daemons
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.coreix.net
 * epel: mirror.vorboss.net
 * extras: mirrors.coreix.net
 * updates: mirror.sov.uk.goscomb.net
Resolving Dependencies
--> Running transaction check
---> Package hyperv-daemons.x86_64 0:0-0.24.20130826git.el7 will be installed
--> Processing Dependency: hypervvssd = 0-0.24.20130826git.el7 for package: hyperv-daemons-0-0.24.20130826git.el7.x86_64
--> Processing Dependency: hypervkvpd = 0-0.24.20130826git.el7 for package: hyperv-daemons-0-0.24.20130826git.el7.x86_64
--> Running transaction check
---> Package hypervkvpd.x86_64 0:0-0.24.20130826git.el7 will be installed
--> Processing Dependency: hyperv-daemons-license = 0-0.24.20130826git.el7 for package: hypervkvpd-0-0.24.20130826git.el7.x86_64
---> Package hypervvssd.x86_64 0:0-0.24.20130826git.el7 will be installed
--> Running transaction check
---> Package hyperv-daemons-license.noarch 0:0-0.24.20130826git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                   Arch      Version                      Repository
                                                                           Size
================================================================================
Installing:
 hyperv-daemons            x86_64    0-0.24.20130826git.el7       base    3.7 k
Installing for dependencies:
 hyperv-daemons-license    noarch    0-0.24.20130826git.el7       base     11 k
 hypervkvpd                x86_64    0-0.24.20130826git.el7       base     18 k
 hypervvssd                x86_64    0-0.24.20130826git.el7       base    9.9 k

Transaction Summary
================================================================================
Install  1 Package (+3 Dependent packages)

Total download size: 43 k
Installed size: 60 k
Is this ok [y/d/N]: y
Downloading packages:
(1/4): hyperv-daemons-0-0.24.20130826git.el7.x86_64.rpm    | 3.7 kB   00:00     
(2/4): hyperv-daemons-license-0-0.24.20130826git.el7.noarc |  11 kB   00:00     
(3/4): hypervvssd-0-0.24.20130826git.el7.x86_64.rpm        | 9.9 kB   00:00     
(4/4): hypervkvpd-0-0.24.20130826git.el7.x86_64.rpm        |  18 kB   00:00     
--------------------------------------------------------------------------------
Total                                              103 kB/s |  43 kB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : hyperv-daemons-license-0-0.24.20130826git.el7.noarch         1/4 
  Installing : hypervkvpd-0-0.24.20130826git.el7.x86_64                     2/4 
  Installing : hypervvssd-0-0.24.20130826git.el7.x86_64                     3/4 
  Installing : hyperv-daemons-0-0.24.20130826git.el7.x86_64                 4/4 
  Verifying  : hyperv-daemons-license-0-0.24.20130826git.el7.noarch         1/4 
  Verifying  : hyperv-daemons-0-0.24.20130826git.el7.x86_64                 2/4 
  Verifying  : hypervkvpd-0-0.24.20130826git.el7.x86_64                     3/4 
  Verifying  : hypervvssd-0-0.24.20130826git.el7.x86_64                     4/4 

Installed:
  hyperv-daemons.x86_64 0:0-0.24.20130826git.el7                                

Dependency Installed:
  hyperv-daemons-license.noarch 0:0-0.24.20130826git.el7                        
  hypervkvpd.x86_64 0:0-0.24.20130826git.el7                                    
  hypervvssd.x86_64 0:0-0.24.20130826git.el7                                    

Complete!

[root@its-webmon init.d]# service hypervkvpd start
Redirecting to /bin/systemctl start  hypervkvpd.service
[root@its-webmon init.d]# service hypervvssd start
Redirecting to /bin/systemctl start  hypervvssd.service
[root@its-webmon init.d]# systemctl|grep hyper
hypervkvpd.service                                                                                                        loaded active running   Hyper-V KVP daemon
hypervvssd.service                                                                                                        loaded active running   Hyper-V VSS daemon

Friday 6 March 2015

Registering networker ports

echo "Registering networker ports 7937-7999 with backup server"
/usr/bin/nsrports -s backupserver.domain.com -S 7937-7999
/usr/bin/nsrports -S 7937-7999
/usr/bin/nsrports -s backupserver.domain.com -C 10001-30000
/usr/bin/nsrports -C 10001-30000

Thursday 5 March 2015

Changing a Ganeti node's group

# gnt-group list
Group    Nodes Instances AllocPolicy NDParams
tier1     5        78 last_resort (empty)
tier2     3       118 preferred   (empty)
mvb       4        74 last_resort (empty)
# gnt-group assign-nodes cc-tier2 sever
# gnt-group list
Group    Nodes Instances AllocPolicy NDParams
tier1     5        78 last_resort (empty)
tier2     4       124 preferred   (empty)
mvb       3        68 last_resort (empty)

Tuesday 3 March 2015

Extract text string in brackets

grep -oP '\(\K[^\)]+' file
\K uses an advanced look-around feature of the regex engine: everything matched before it is left out of the reported match. It works like a positive look-behind assertion, so you can also write it like this:
grep -oP '(?<=\()[^\)]+' file
If you lack the -P option, you can do this with perl:
perl -lne '/\(\K[^\)]+/ and print $&' file
Another, simpler approach using awk:
awk -F'[()]' '{print $2}' file

Monday 23 February 2015

LVM Metadatasize too small

Too small:
# vgs --units k -o vg_mda_count,vg_mda_free,vg_mda_size,vg_name
  #VMda VMdaFree  VMdaSize  VG
      1    91.50k   188.00k volg0
      2    73.50k   188.00k volg1
OK:
#  vgs --units k -o vg_mda_count,vg_mda_free,vg_mda_size,vg_name
  #VMda VMdaFree  VMdaSize  VG
      1    91.50k   188.00k volg0
      4  8091.00k 16384.00k volg1

Friday 20 February 2015

Starting a Ganeti VM to reset root password

# gnt-instance start -H kernel_args="rw init=/bin/sh" INSTANCE
Waiting for job 1333533 for INSTANCE ...
# gnt-instance console INSTANCE
Initializing cgroup subsys cpuset
Initializing cgroup subsys cpu
Linux version 2.6.32-358.23.2.el6.x86_64 (mockbuild@c6b9.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Wed Oct 16 18:37:12 UTC 2013
Command line: ro root=LABEL=root rhgb noquiet root=/dev/xvda rw init=/bin/sh

[cut]

sh: cannot set terminal process group (-1): Inappropriate ioctl for device
sh: no job control in this shell
sh-4.1# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
sh-4.1# exit

# gnt-instance reboot INSTANCE

Tuesday 17 February 2015

Oracle Apache PL/SQL Gateway Module - OWA - mod_owa

The mod_owa Apache module allows you to access an Oracle Database using a web front end.
Download and install Oracle Instant Client for your system from here: http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
On CentOS edit /etc/sysconfig/httpd, or /etc/apache2/envvars on Debian:
export TNS_ADMIN=/etc/oracle
export ORACLE_HOME=/usr/lib/oracle/11.2/client64
export PATH=$PATH:$ORACLE_HOME/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
Create your tnsnames.ora and put it in the /etc/oracle directory.
Download and install mod_owa from here: https://oss.oracle.com/projects/mod_owa/dist/documentation/modowa.htm
Create an Apache configuration file like this:
LoadModule owa_module /etc/httpd/modules/mod_owa.so

    SetHandler     owa_handler
    OwaUserid      username/password@ORACLEDBNAME
    OwaDiag        COMMAND ARGS CGIENV POOL SQL MEMORY ERROR THREADS HEADER RESPONSE
    OwaLog         "/var/log/httpd/mod_owa.log"
    OwaAdmin       127.0.0.1 255.255.255.255
    OwaPool        10
    OwaStart       "login"
    OwaDocProc     "doc_pkg.readfile"
    OwaDocPath     docs
    OwaUploadMax   10M
    OwaCharsize    2
    OwaCharset     "utf-8"
    #OwaCharset     "UTF-8"
    #OwaBindset     "UTF-8"
    #OwaUnicode     "FULL"
    order          deny,allow
    allow          from all
    OwaDocTable    ndrd_file_objects BLOB_CONTENT

Monday 16 February 2015

Create a self-signed Certificate (non-trusted) - enable https

Generate keys, CA, and signed certificate:
# openssl genrsa -out ca.key 2048
# openssl req -new -key ca.key -out ca.csr
# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# cp ca.crt /etc/pki/tls/certs
# cp ca.key /etc/pki/tls/private/ca.key
# cp ca.csr /etc/pki/tls/private/ca.csr
Install mod_ssl and create ssl.conf file:
# yum install mod_ssl
# cat /etc/httpd/conf.d/ssl.conf

LoadModule ssl_module modules/mod_ssl.so

Listen 443

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLCryptoDevice builtin
#SSLCryptoDevice ubsec



DocumentRoot "/var/www/html"
ServerName webtest.isys.bris.ac.uk

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/pki/tls/certs/ca.crt

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

#SSLVerifyClient require
#SSLVerifyDepth  10

#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Tuesday 10 February 2015

Basic mcollective commands

# mco ping
# mco find
Service
# mco rpc service status service=httpd
# mco rpc service stop service=httpd
# mco rpc service start service=httpd
Use the -I filter to target a specific machine, eg:
# mco rpc service status service=httpd -I node01.domain.net
RPC
# mco rpc rpcutil get_fact fact=operatingsystem

Monday 9 February 2015

Basic Ganeti Commands

Show nodes and instances:
# gnt-node list
# gnt-instance list
List instances and their primary and secondary disks:
# gnt-instance list --no-headers -o name,pnode,snodes
Move secondary disks to another node:
# gnt-instance replace-disks -n NODE INSTANCE
Migrate instance to secondary node:
# gnt-instance migrate INSTANCE
View storage & volumes
# gnt-node list-storage

# gnt-node volumes

Thursday 5 February 2015

Cannot run ActiveMQ to listen on port 61614 (or any other ports)? Create the activemq-data/localhost/ directory

Check the ActiveMQ log:
# tail /var/log/activemq/activemq.log
2015-02-04 12:04:42,929 [main           ] INFO  SharedFileLocker               - Database activemq-data/localhost/KahaDB/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/localhost/KahaDB'
2015-02-04 12:04:52,929 [main           ] INFO  SharedFileLocker               - Database activemq-data/localhost/KahaDB/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/localhost/KahaDB'
2015-02-04 12:05:02,931 [main           ] INFO  SharedFileLocker               - Database activemq-data/localhost/KahaDB/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/localhost/KahaDB'
2015-02-04 12:05:12,932 [main           ] INFO  SharedFileLocker               - Database activemq-data/localhost/KahaDB/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/localhost/KahaDB'
2015-02-04 12:05:22,933 [main           ] INFO  SharedFileLocker               - Database activemq-data/localhost/KahaDB/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/localhost/KahaDB'
2015-02-04 12:05:34,208 [main           ] INFO  XBeanBrokerFactory$1           - Refreshing org.apache.activemq.xbean.XBeanBrokerFactory$1@6bf28508: startup date [Wed Feb 04 12:05:34 GMT 2015]; root of context hierarchy
2015-02-04 12:05:35,332 [main           ] INFO  PListStoreImpl                 - PListStore:[/usr/share/activemq/activemq-data/localhost/tmp_storage] started
2015-02-04 12:05:35,466 [main           ] INFO  BrokerService                  - Using Persistence Adapter: KahaDBPersistenceAdapter[/usr/share/activemq/activemq-data/localhost/KahaDB]
2015-02-04 12:05:35,467 [JMX connector  ] INFO  ManagementContext              - JMX consoles can connect to service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
2015-02-04 12:05:35,468 [main           ] INFO  SharedFileLocker               - Database activemq-data/localhost/KahaDB/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/localhost/KahaDB'
There's no 'activemq-data' or 'activemq-data/localhost' or 'activemq-data/localhost/KahaDB', so create it:
# mkdir -p /usr/share/activemq/activemq-data/localhost/
# chown -R activemq:activemq /usr/share/activemq/activemq-data/localhost/
# service activemq restart
Look at the logs again, use lsof on the port:
# tail /var/log/activemq/activemq.log
2015-02-04 12:08:22,850 [main           ] INFO  ndingBeanNameUrlHandlerMapping - Mapped URL path [/moveMessage.action] onto handler '/moveMessage.action'
2015-02-04 12:08:22,850 [main           ] INFO  ndingBeanNameUrlHandlerMapping - Mapped URL path [/deleteJob.action] onto handler '/deleteJob.action'
2015-02-04 12:08:22,955 [main           ] INFO  WebAppContext                  - ActiveMQ Console at http://0.0.0.0:8161/admin
2015-02-04 12:08:22,968 [main           ] INFO  ContextHandler                 - started o.e.j.w.WebAppContext{/camel,file:/var/lib/activemq/webapps/camel}
2015-02-04 12:08:22,973 [main           ] INFO  WebAppContext                  - WebApp@1311779403 at http://0.0.0.0:8161/camel
2015-02-04 12:08:22,986 [main           ] INFO  ContextHandler                 - started o.e.j.w.WebAppContext{/demo,file:/var/lib/activemq/webapps/demo}
2015-02-04 12:08:22,991 [main           ] INFO  WebAppContext                  - WebApp@1311779403 at http://0.0.0.0:8161/demo
2015-02-04 12:08:23,003 [main           ] INFO  ContextHandler                 - started o.e.j.w.WebAppContext{/fileserver,file:/var/lib/activemq/webapps/fileserver}
2015-02-04 12:08:23,008 [main           ] INFO  WebAppContext                  - WebApp@1311779403 at http://0.0.0.0:8161/fileserver
2015-02-04 12:08:23,024 [main           ] INFO  AbstractConnector              - Started SelectChannelConnector@0.0.0.0:8161


# lsof -i:61614
COMMAND   PID     USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
java    48120 activemq  132u  IPv6 49240809      0t0  TCP *:61614 (LISTEN)

Wednesday 4 February 2015

Having trouble shutting down ActiveMQ? - Connection refused to host: localhost; nested exception

# service activemq stop
INFO: Loading '/etc/sysconfig/activemq'
INFO: Using java 'java'
INFO: changing to user 'activemq' to invoke java
INFO: Waiting at least 30 seconds for regular process termination of pid '32766' :
Java Runtime: Oracle Corporation 1.7.0_75 /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75.x86_64/jre
  Heap sizes: current=503296k  free=498011k  max=503296k
    JVM args: -Xms512m -Xmx512m -Djava.util.logging.config.file=logging.properties -Dhawtio.realm=activemq -Dhawtio.role=admins -Dhawtio.rolePrincipalClasses=org.apache.activemq.jaas.GroupPrincipal -Djava.security.auth.login.config=/etc/activemq/login.config -Dactivemq.classpath=/etc/activemq; -Dactivemq.home=/usr/share/activemq -Dactivemq.base=/usr/share/activemq -Dactivemq.conf=/etc/activemq -Dactivemq.data=/usr/share/activemq/data
Extensions classpath:
  [/usr/share/activemq/lib,/usr/share/activemq/lib/camel,/usr/share/activemq/lib/optional,/usr/share/activemq/lib/web,/usr/share/activemq/lib/extra]
ACTIVEMQ_HOME: /usr/share/activemq
ACTIVEMQ_BASE: /usr/share/activemq
ACTIVEMQ_CONF: /etc/activemq
ACTIVEMQ_DATA: /usr/share/activemq/data
Connecting to pid: 32766
INFO: failed to resolve jmxUrl for pid:32766, using default JMX url
Connecting to JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
ERROR: java.lang.RuntimeException: Failed to execute stop task. Reason: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
        java.net.ConnectException: Connection refused]
java.lang.RuntimeException: Failed to execute stop task. Reason: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
        java.net.ConnectException: Connection refused]
        at org.apache.activemq.console.command.ShutdownCommand.runTask(ShutdownCommand.java:116)
        at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
        at org.apache.activemq.console.command.AbstractJmxCommand.execute(AbstractJmxCommand.java:387)
        at org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:150)
        at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
        at org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:104)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.activemq.console.Main.runTaskClass(Main.java:262)
        at org.apache.activemq.console.Main.main(Main.java:115)
ERROR: java.lang.Exception: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
        java.net.ConnectException: Connection refused]
java.lang.Exception: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
        java.net.ConnectException: Connection refused]
        at org.apache.activemq.console.command.ShutdownCommand.runTask(ShutdownCommand.java:117)
        at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
        at org.apache.activemq.console.command.AbstractJmxCommand.execute(AbstractJmxCommand.java:387)
        at org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:150)
        at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
        at org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:104)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.activemq.console.Main.runTaskClass(Main.java:262)
        at org.apache.activemq.console.Main.main(Main.java:115)
Caused by: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
        java.net.ConnectException: Connection refused]
        at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:227)
        at org.apache.activemq.console.command.AbstractJmxCommand.createJmxConnector(AbstractJmxCommand.java:279)
        at org.apache.activemq.console.command.AbstractJmxCommand.createJmxConnection(AbstractJmxCommand.java:302)
        at org.apache.activemq.console.command.ShutdownCommand.runTask(ShutdownCommand.java:81)
        ... 11 more
Caused by: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
        java.net.ConnectException: Connection refused]
        at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:118)
        at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:203)
        at javax.naming.InitialContext.lookup(InitialContext.java:411)
        at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1929)
        at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1896)
        at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:286)
        ... 16 more
Caused by: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
        java.net.ConnectException: Connection refused
        at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
        at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
        at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
        at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
        at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
        at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:114)
        ... 21 more
Caused by: java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:579)
        at java.net.Socket.connect(Socket.java:528)
        at java.net.Socket.<init>(Socket.java:425)
        at java.net.Socket.<init>(Socket.java:208)
        at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
        at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
        at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
        ... 26 more
.............................
INFO: Regular shutdown not successful,  sending SIGKILL to process with pid '32766'

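The stop task connects to the broker over JMX (service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi in the output above), so the broker has to create that connector. Edit the activemq.xml file and, on the managementContext element, change createConnector="false" to createConnector="true".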

Tuesday 3 February 2015

Cannot get latest version of phpMyAdmin to work - mb_detect_encoding gettext error

Do you get a blank page with the latest version of phpMyAdmin? Looking in the logs you see:
[Tue Feb 03 11:47:35 2015] [error] [client 137.222.17.70] PHP Fatal error:  Call to undefined function mb_detect_encoding() in libraries/php-gettext/gettext.inc on line 177
Install php-mbstring:
# yum install php-mbstring

Monday 2 February 2015

Clear Puppet Client Certificate - for signing by another server

root@puppetclient:~# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.domain.net]

root@puppetclient:~# cd /etc/puppet/
root@puppetclient:/etc/puppet# ls
environments  manifests  modules  ssl  templates
root@puppetclient:/etc/puppet# mv ssl /var/tmp

root@puppetclient:/etc/puppet# puppet cert list -a
Notice: Signed certificate request for ca

root@puppetclient:/etc/puppet# puppet agent --test
Info: Creating a new SSL key for puppetclient.domain.net
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetclient.domain.net
Info: Certificate Request fingerprint (SHA256): A4:3D:23:2F:9C:76:FD:BE:D3:3F:D4:CE:9B:CA:88:00:4F:C3:07:4A:2D:FB:A1:A1:61:21:E1:10:03:07:6C:C3
Info: Caching certificate for puppetclient.domain.net
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find puppetclient.domain.net via exec: Execution of '/etc/puppet/node.rb puppetclient.domain.net' returned 1:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
Notice: /File[/var/lib/puppet/lib/puppet/provider]/ensure: created
Notice: /File[/var/lib/puppet/lib/puppet/provider/augeasprovider]/ensure: created
Notice: /File[/var/lib/puppet/lib/puppet/provider/ini_subsetting]/ensure: created
Notice: /File[/var/lib/puppet/lib/puppet/provider/augeasprovider/default.rb]/ensure: defined content as '{md5}b5377fd9cd6f96b0bd08e7213c7fc363'
Notice: /File[/var/lib/puppet/lib/puppet/provider/file_line]/ensure: created
Notice: /File[/var/lib/puppet/lib/puppet/util]/ensure: created
Notice: /File[/var/lib/puppet/lib/puppet/util/ipcidr.rb]/ensure: defined content as '{md5}e1160dfd6e73fc5ef2bb8abc291f6fd5'

[snip]

Notice: /File[/var/lib/puppet/lib/puppet/parser/functions/parsejson.rb]/ensure: defined content as '{md5}e7f968c34928107b84cd0860daf50ab1'
Notice: /File[/var/lib/puppet/lib/puppet/parser/functions/validate_cmd.rb]/ensure: defined content as '{md5}78fd21cb3fc52efc3b53ba2b3301de18'
Notice: /File[/var/lib/puppet/lib/puppet/parser/functions/nslookup.rb]/ensure: defined content as '{md5}976cfe36eec535d97a17139c7408f0bd'
Info: Loading facts
Info: Caching catalog for puppetclient.domain.net
Info: Applying configuration version '1422885145'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.10 seconds

Monday 19 January 2015

Can't start a VM with Ganeti - Debian 7

So you just installed a Debian 7 Wheezy Ganeti managed Xen cluster node and it won't start up your VM with this error:
# gnt-instance start goat.cs
Waiting for job 1277134 for vminstance ...
Job 1277134 for goat.cs has failed: Failure: command execution error:
Could not start instance: Hypervisor error: Failed to start instance goat.cs: exited with exit code 1 (Using config file "/etc/xen/goat.cs".
Error: Device 0 (vif) could not be connected. /etc/xen/scripts/vif-bridge failed; error detected.
)
If you look in the log file xen-hotplug.log and see this error:
# tail /var/log/xen/xen-hotplug.log
/etc/xen/scripts/vif-bridge: line 84: setup_bridge_port: command not found
Then edit the /etc/xen/scripts/xen-network-common.sh script and remove the _ (underscore) from the _setup_bridge_port command. This should fix the problem and allow you to start your VM.

Friday 16 January 2015

Revert to a previous Boot Environment - Solaris 11

Revert to a previous Boot Environment:
beadm list
beadm activate solaris-backup-1
reboot

Thursday 15 January 2015

Wednesday 14 January 2015

Unattended Updates - Debian

To set up auto updates on Debian, do the following:
apt-get install unattended-upgrades apt-listchanges
Edit /etc/apt/apt.conf.d/50unattended-upgrades and uncomment the line:
Unattended-Upgrade::Mail "root";
Edit /etc/apt/apt.conf.d/20auto-upgrades, and add the following:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Or run the following command as root:
dpkg-reconfigure -plow unattended-upgrades

Tuesday 13 January 2015

Creating an encrypted password for kickstart - CentOS

Use OpenSSL to generate an MD5 crypt:
# openssl passwd -1 "password here"
$1$e/5d7DEs$bhFiuOQp8MMe785dzvBPv.
Use grub-crypt to generate a SHA256 crypt:
# grub-crypt --sha-256
Password:
Retype password:
$5$W/DyB05xk2UIZz6k$YyBl36yKHVmaFmJHNS1m/b2/viRa6KnQe3dDQVZZ5n3
Put the password hash in your kickstart file:
rootpw --iscrypted password_hash
Make sure your authconfig configuration matches the crypt:
authconfig --enableshadow [--enablemd5|--passalgo=sha256]
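The matching step above can be checked mechanically. This is an added example, not part of the original post: it validates that a string is a well-formed crypt(3) hash and emits the rootpw line with the authconfig option that matches it. The function names are hypothetical, the sample hash is the SHA256 one shown above, and --passalgo=sha512 is an authconfig option the post itself does not use.

```shell
#!/bin/sh
# Added example: validate a crypt(3) string and emit matching kickstart lines.
# Function names are hypothetical; the sample hash is the one from the post.

# classify_crypt HASH
# Prints md5, sha256 or sha512 for a well-formed crypt(3) string and returns 1
# for anything else (plaintext, truncated or otherwise mangled input).
# Assumes salts drawn from the usual [./0-9A-Za-z] alphabet.
classify_crypt() {
    case $1 in
        *'
'*) return 1 ;;   # embedded newline: never a valid single hash
    esac
    if printf '%s\n' "$1" |
        grep -Eq '^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'; then
        echo md5
    elif printf '%s\n' "$1" |
        grep -Eq '^\$5\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{43}$'; then
        echo sha256
    elif printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'; then
        echo sha512
    else
        return 1
    fi
}

# kickstart_auth_lines HASH
# Prints the rootpw and authconfig lines for HASH, or fails without output
# when HASH is not a crypt(3) string (so plaintext never lands in rootpw).
kickstart_auth_lines() {
    algo=$(classify_crypt "$1") || {
        echo "not a crypt(3) hash; refusing to write rootpw --iscrypted" >&2
        return 1
    }
    case $algo in
        md5)
            echo "warning: MD5 crypt is weak; prefer sha256 or sha512" >&2
            auth='--enablemd5'
            ;;
        *)
            auth="--passalgo=$algo"
            ;;
    esac
    printf 'rootpw --iscrypted %s\nauthconfig --enableshadow %s\n' "$1" "$auth"
}

# Demo with the SHA256 crypt generated by grub-crypt in the post.
kickstart_auth_lines '$5$W/DyB05xk2UIZz6k$YyBl36yKHVmaFmJHNS1m/b2/viRa6KnQe3dDQVZZ5n3'
```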

Monday 12 January 2015

INIT: Id “1” respawning too fast: disabled for 5 minutes

Console error message:
INIT: Id “1” respawning too fast: disabled for 5 minutes
What causes this problem? Apparently, this is due to this line in my /etc/inittab file:
1:2345:respawn:/sbin/getty 38400 tty1
Which says to spawn a terminal on a non-existent serial port. You get a respawning too fast error when an inittab line makes no sense. So simply comment it out:
#1:2345:respawn:/sbin/getty 38400 tty1

Friday 9 January 2015

Puppet List Installed Modules - Install non Puppetforge modules

To list Puppet modules downloaded from puppetforge:
# puppet module list
/etc/puppet/modules
├── adrien-alternatives (v0.3.0)
├── alkivi-console_data (v0.0.1)
├── attachmentgenie-locales (v1.0.6)
├── example42-puppi (v2.1.10)
├── herculesteam-augeasproviders_core (v2.0.1)
├── herculesteam-augeasproviders_shellvar (v2.0.1)
├── pfmooney-mit_krb5 (v0.0.5)
├── puppetlabs-concat (v1.0.0)
├── puppetlabs-firewall (v1.2.0)
├── puppetlabs-inifile (v1.2.0)
├── puppetlabs-ntp (v3.3.0)
├── puppetlabs-stdlib (v4.3.2)
├── saz-ssh (v2.4.0)
├── ssm-munin (v0.0.5)
├── stahnma-epel (v1.0.2)
├── trlinkin-nsswitch (v1.0.0)
└── trlinkin-validate_multi (v0.1.0)
To install modules from elsewhere:
cd /var/tmp
wget https://github.com/lermit/puppet-nslcd/archive/master.zip
cd /etc/puppet/environments/testing/
unzip /var/tmp/master.zip

Thursday 8 January 2015

Calling a Puppet Module in your code

I installed a Puppet module called mit_krb5 so that I could configure Kerberos on my systems. Unfortunately, I was unable to get it to put the correct settings using Foreman, so I wrote some code to do this:
class uobldap {
  # Main krb5.conf settings
  class { 'mit_krb5':
    default_realm    => 'ADS.BRIS.AC.UK',
    dns_lookup_realm => false,
    dns_lookup_kdc   => false,
    ticket_lifetime  => '24h',
    renew_lifetime   => '7d',
    forwardable      => true,
  }
  # [logging] section
  class { 'mit_krb5::logging':
    default      => 'FILE:/var/log/krb5libs.log',
    kdc          => 'FILE:/var/log/krb5kdc.log',
    admin_server => 'FILE:/var/log/kadmind.log'
  }
  # [realms] entry
  mit_krb5::realm { 'ADS.BRIS.AC.UK':
    kdc          => 'ads.bris.ac.uk',
    admin_server => 'ads.bris.ac.uk'
  }
  # [domain_realm] mappings
  mit_krb5::domain_realm { 'ADS.BRIS.AC.UK':
    domains => ['.ads.bris.ac.uk', 'ads.bris.ac.uk']
  }
}

Wednesday 7 January 2015

PAM configurations - RedHat/CentOS

On RedHat/CentOS systems linked to LDAP, PAM does not allow users with UIDs smaller than 500 to log on. Change the settings in the /etc/pam.d/system-auth file:
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
 auth        sufficient    pam_unix.so nullok try_first_pass
 auth        requisite     pam_succeed_if.so uid >= 500 quiet
 auth        sufficient    pam_ldap.so use_first_pass
 auth        required      pam_deny.so

 account     required      pam_unix.so broken_shadow
 account     sufficient    pam_succeed_if.so uid < 500 quiet
 account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
 account     required      pam_permit.so

 password    requisite     pam_cracklib.so try_first_pass retry=3
 password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
 password    sufficient    pam_ldap.so use_authtok
 password    required      pam_deny.so

 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
 session     optional      pam_ldap.so
In the first pam_succeed_if.so line (the 3rd rule), change 500 to 100 or some smaller number, and in the second pam_succeed_if.so line (the 7th rule), change 'uid < 500' to 'uid > 100'.
To allow a user's home directory to be created automatically on login, add this line to the /etc/pam.d/common-account file:
# and here are more per-package modules (the "Additional" block)
session   required      pam_mkhomedir.so        umask=077
account      required      pam_krb5.so minimum_uid=1000
# end of pam-auth-update config
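To see which UIDs the pam_succeed_if.so thresholds in system-auth let through before and after the edit, the following added example (not part of the original post) lists every "uid <op> <number>" gate in a PAM file and evaluates it for a given UID. The function names are hypothetical and the sample file is constructed from the system-auth lines shown above.

```shell
#!/bin/sh
# Added example: report how pam_succeed_if.so uid gates treat a given UID.
# Function names are hypothetical.

# Constructed sample: a subset of the system-auth lines shown in the post.
sample_system_auth() {
cat <<'EOF'
 #%PAM-1.0
 auth        required      pam_env.so
 auth        sufficient    pam_unix.so nullok try_first_pass
 auth        requisite     pam_succeed_if.so uid >= 500 quiet
 auth        sufficient    pam_ldap.so use_first_pass
 auth        required      pam_deny.so
 account     required      pam_unix.so broken_shadow
 account     sufficient    pam_succeed_if.so uid < 500 quiet
 account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
EOF
}

# pam_uid_gates FILE UID
# For each pam_succeed_if.so rule with a numeric uid condition, print
#   <type> <control> uid <op> <number> -> pass|fail
# This evaluates the gates only; a "sufficient" module earlier in the stack
# (pam_unix.so for local accounts) can still succeed before a gate is reached.
pam_uid_gates() {
    awk -v uid="$2" '
    /^[ \t]*#/ || NF < 3 { next }
    {
        mod = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /pam_succeed_if\.so$/) { mod = i; break }
        if (mod == 0) next
        # The control field may be a bracketed list containing spaces.
        control = $2
        for (i = 3; i < mod; i++) control = control " " $i
        for (i = mod + 1; i + 2 <= NF; i++) {
            if ($i != "uid") continue
            op = $(i + 1); n = $(i + 2)
            if (n !~ /^[0-9]+$/) continue
            u = uid + 0; n = n + 0
            if      (op == "<")  ok = (u <  n)
            else if (op == "<=") ok = (u <= n)
            else if (op == ">")  ok = (u >  n)
            else if (op == ">=") ok = (u >= n)
            else if (op == "eq") ok = (u == n)
            else if (op == "ne") ok = (u != n)
            else continue
            printf "%s %s uid %s %d -> %s\n", $1, control, op, n, (ok ? "pass" : "fail")
        }
    }' "$1"
}

# auth_gate_blocks FILE UID
# Exit 0 when a required/requisite uid gate in the auth stack fails for UID,
# i.e. the login is cut off before pam_ldap.so is consulted.
auth_gate_blocks() {
    pam_uid_gates "$1" "$2" | grep -Eq '^auth (required|requisite) .* -> fail$'
}

# Demo: UID 250 against the unmodified sample.
tmp=$(mktemp) && sample_system_auth > "$tmp"
pam_uid_gates "$tmp" 250
rm -f "$tmp"
```

Run it against the real /etc/pam.d/system-auth before and after changing the threshold to confirm which gate a given LDAP account hits.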

Tuesday 6 January 2015

Installing Puppet Module break foreman(proxy) - uninstall to fix!

#  puppet module install IvanBayan-krb5
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Warning: Cannot consider release puppet-krb5-0.0.2: Malformed dependency: ripienaar/concat. Exception was: Invalid 'version_range' field in metadata.json: Unparsable version range: ">=1"
Notice: Installing -- do not interrupt ...
/etc/puppet/modules
└─┬ IvanBayan-krb5 (v0.0.3)
  └── puppetlabs-concat (v1.0.0)
Oops, we're sorry but something went wrong
Warning! ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes from Puppet for testing ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy
If you feel this is an error with Foreman itself, please open a new issue with Foreman ticketing system, You would probably need to attach the Full trace and relevant log entries.
Just uninstall it!
#  puppet module uninstall IvanBayan-krb5
Notice: Preparing to uninstall 'IvanBayan-krb5' ...
Removed 'IvanBayan-krb5' (v0.0.3) from /etc/puppet/modules
What to do when you can't uninstall?
# puppet module install myrond-auto_update_debian
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppet/modules
└── myrond-auto_update_debian (v1.0.1)
You have new mail in /var/spool/mail/root
# puppet module uninstall myrond-auto_update_debian
Notice: Preparing to uninstall 'myrond-auto_update_debian' ...
Error: Could not uninstall module 'myrond-auto_update_debian' (v1.0.1)
  Installed module has had changes made locally
    Use `puppet module uninstall --ignore-changes` to uninstall this module anyway
# puppet module uninstall --ignore-changes myrond-auto_update_debian
Notice: Preparing to uninstall 'myrond-auto_update_debian' ...
Removed 'myrond-auto_update_debian' (v1.0.1) from /etc/puppet/modules
#

Monday 5 January 2015

Unable to install puppet on Debian Wheezy - Size mismatch

When I use the following commands to install the puppet client:
$ wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
$ sudo dpkg -i puppetlabs-release-precise.deb
$ sudo apt-get update
$ sudo apt-get install puppet
I get the following Size mismatch errors:
Get:1 http://cdn.debian.net/debian/ wheezy/main virt-what amd64 1.12-1 [12.9 kB]
Get:2 http://apt.puppetlabs.com/ precise/main facter all 2.3.0-1puppetlabs1 [85.5 kB]
Get:3 http://apt.puppetlabs.com/ precise/main hiera all 1.3.4-1puppetlabs1 [12.9 kB]
Get:4 http://apt.puppetlabs.com/ precise/main puppet-common all 3.7.3-1puppetlabs1 [1654 kB]
Get:5 http://apt.puppetlabs.com/ precise/main puppet all 3.7.3-1puppetlabs1 [9624 B]
Fetched 1775 kB in 0s (3117 kB/s)
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/f/facter/facter_2.3.0-1puppetlabs1_all.deb  Size mismatch
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/h/hiera/hiera_1.3.4-1puppetlabs1_all.deb  Size mismatch
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/p/puppet/puppet-common_3.7.3-1puppetlabs1_all.deb  Size mismatch
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/p/puppet/puppet_3.7.3-1puppetlabs1_all.deb  Size mismatch
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
And no amount of --fix-missing and cache clearing and clean will resolve this issue:
apt-get install puppet --fix-missing
apt-get clean
rm /var/lib/apt/lists/*
rm /var/cache/apt/archives/partial/*
apt-get clean
apt-get update
It turns out that this is an issue in the puppetlabs-release-precise.deb package. So to fix this issue we need to download the SPECIFIC puppetlabs package - in this case for Debian Wheezy:
$ wget http://apt.puppetlabs.com/puppetlabs-release-wheezy.deb
$ dpkg -i puppetlabs-release-wheezy.deb
$ apt-get update
$ apt-get install puppet
After this, all is fine.