Monday 19 January 2015

Can't start a VM with Ganeti - Debian 7

So you just installed a Debian 7 Wheezy Ganeti managed Xen cluster node and it won't start up your VM with this error:
# gnt-instance start goat.cs
Waiting for job 1277134 for vminstance ...
Job 1277134 for goat.cs has failed: Failure: command execution error:
Could not start instance: Hypervisor error: Failed to start instance goat.cs: exited with exit code 1 (Using config file "/etc/xen/goat.cs".
Error: Device 0 (vif) could not be connected. /etc/xen/scripts/vif-bridge failed; error detected.
)
If you look in the log file xen-hotplug.log and see this error:
# tail /var/log/xen/xen-hotplug.log
/etc/xen/scripts/vif-bridge: line 84: setup_bridge_port: command not found
Then edit the /etc/xen/scripts/xen-network-common.sh script and remove the leading _ (underscore) from the _setup_bridge_port command. This should fix the problem and allow you to start your VM.

Saturday 17 January 2015

Friday 16 January 2015

Revert to a previous Boot Environment - Solaris 11

Revert to a previous Boot Environment:
beadm list
beadm activate solaris-backup-1
reboot

Thursday 15 January 2015

Wednesday 14 January 2015

Unattended Updates - Debian

To set up auto updates on Debian, do the following:
apt-get install unattended-upgrades apt-listchanges
Edit /etc/apt/apt.conf.d/50unattended-upgrades and uncomment the line:
Unattended-Upgrade::Mail "root";
Edit /etc/apt/apt.conf.d/20auto-upgrades, and add the following:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Or run the following command as root:
dpkg-reconfigure -plow unattended-upgrades
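A check for the two periodic settings above, added here as an example and not part of the original post: it reads a config file and fails when either setting is missing, commented out, or set to "0". The function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit an APT periodic config file such as
# /etc/apt/apt.conf.d/20auto-upgrades. Helper names are hypothetical.

# Print the last active (uncommented) value of APT::Periodic::<key> in a file.
# Lines starting with // or # do not match, so commented settings are ignored.
periodic_value() {
    sed -n 's|^[[:space:]]*APT::Periodic::'"$1"'[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$|\1|p' "$2" |
        tail -n 1
}

# Exit 0 only if package lists are refreshed and unattended-upgrade is run.
# Exit 1 if a setting is missing or disabled, 2 if the file cannot be read.
auto_upgrades_enabled() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(periodic_value "$key" "$conf")
        case $val in
            ''|0)
                echo "APT::Periodic::$key is missing or disabled in $conf" >&2
                return 1
                ;;
        esac
    done
    return 0
}

# Usage: auto_upgrades_enabled /etc/apt/apt.conf.d/20auto-upgrades && echo enabled
```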

Tuesday 13 January 2015

Creating an encrypted password for kickstart - CentOS

Use OpenSSL to generate an MD5 crypt:
# openssl passwd -1 "password here"
$1$e/5d7DEs$bhFiuOQp8MMe785dzvBPv.
Use grub-crypt to generate a SHA256 crypt:
# grub-crypt --sha-256
Password:
Retype password:
$5$W/DyB05xk2UIZz6k$YyBl36yKHVmaFmJHNS1m/b2/viRa6KnQe3dDQVZZ5n3
Put the password hash in your kickstart file:
rootpw --iscrypted password_hash
Make sure your authconfig configuration matches the crypt:
authconfig --enableshadow [--enablemd5|--passalgo=sha256]
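One way to keep the rootpw hash and the authconfig option in step, added here as an example and not part of the original post: the hypothetical helper kickstart_auth_lines reads the crypt prefix, rejects malformed or truncated hashes, and prints the two matching kickstart lines. It goes beyond the post by also accepting $6$ (SHA-512) hashes.

```sh
#!/bin/sh
# Added example, not from the original post. kickstart_auth_lines is a
# hypothetical helper name; it only inspects the text of the hash.

# Print the rootpw and authconfig lines that belong together for one hash.
# Handles the plain $id$salt$digest form only (no "rounds=" field).
kickstart_auth_lines() {
    hash=$1
    case $hash in
        '$1$'*) algo_opt='--enablemd5';       want=22 ;;  # MD5 crypt
        '$5$'*) algo_opt='--passalgo=sha256'; want=43 ;;  # SHA-256 crypt
        '$6$'*) algo_opt='--passalgo=sha512'; want=86 ;;  # SHA-512 crypt
        *) echo "not a recognised crypt hash" >&2; return 1 ;;
    esac

    rest=${hash#'$'?'$'}        # drop the "$id$" prefix
    salt=${rest%%'$'*}          # text before the next "$"
    digest=${rest#*'$'}         # text after it
    # With no "$" separator left, salt comes out identical to rest.
    [ "$salt" != "$rest" ] || { echo "missing salt/digest separator" >&2; return 1; }
    [ -n "$salt" ] || { echo "empty salt" >&2; return 1; }

    # Both fields use the crypt alphabet ./0-9A-Za-z and nothing else.
    case $salt$digest in
        *[!./0-9A-Za-z]*) echo "unexpected character in hash" >&2; return 1 ;;
    esac
    # A digest of the wrong length usually means a truncated copy and paste.
    [ "${#digest}" -eq "$want" ] || { echo "digest length ${#digest}, expected $want" >&2; return 1; }

    printf 'rootpw --iscrypted %s\n' "$hash"
    printf 'authconfig --enableshadow %s\n' "$algo_opt"
}

# Sample run with the SHA-256 hash shown in the post.
kickstart_auth_lines '$5$W/DyB05xk2UIZz6k$YyBl36yKHVmaFmJHNS1m/b2/viRa6KnQe3dDQVZZ5n3'
```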

Monday 12 January 2015

INIT: Id “1” respawning too fast: disabled for 5 minutes

Console error message:
INIT: Id “1” respawning too fast: disabled for 5 minutes
What causes this problem? Apparently, this is due to this line in my /etc/inittab file:
1:2345:respawn:/sbin/getty 38400 tty1
Which says to spawn a terminal on a nonexistent serial port. You get a respawning too fast error when an inittab line makes no sense. So simply comment it out:
#1:2345:respawn:/sbin/getty 38400 tty1

Friday 9 January 2015

Puppet List Installed Modules - Install non Puppet Forge modules

To list Puppet modules downloaded from Puppet Forge:
# puppet module list
/etc/puppet/modules
├── adrien-alternatives (v0.3.0)
├── alkivi-console_data (v0.0.1)
├── attachmentgenie-locales (v1.0.6)
├── example42-puppi (v2.1.10)
├── herculesteam-augeasproviders_core (v2.0.1)
├── herculesteam-augeasproviders_shellvar (v2.0.1)
├── pfmooney-mit_krb5 (v0.0.5)
├── puppetlabs-concat (v1.0.0)
├── puppetlabs-firewall (v1.2.0)
├── puppetlabs-inifile (v1.2.0)
├── puppetlabs-ntp (v3.3.0)
├── puppetlabs-stdlib (v4.3.2)
├── saz-ssh (v2.4.0)
├── ssm-munin (v0.0.5)
├── stahnma-epel (v1.0.2)
├── trlinkin-nsswitch (v1.0.0)
└── trlinkin-validate_multi (v0.1.0)
To install modules from elsewhere:
cd /var/tmp
wget https://github.com/lermit/puppet-nslcd/archive/master.zip
cd /etc/puppet/environments/testing/
unzip /var/tmp/master.zip

Thursday 8 January 2015

Calling a Puppet Module in your code

I installed a Puppet module called mit_krb5 so that I could configure Kerberos on my systems. Unfortunately, I was unable to get it to put the correct settings using Foreman, so I wrote some code to do this:
class uobldap {
  class { 'mit_krb5':
    default_realm    => 'ADS.BRIS.AC.UK',
    dns_lookup_realm => false,
    dns_lookup_kdc   => false,
    ticket_lifetime  => '24h',
    renew_lifetime   => '7d',
    forwardable      => true,
  }
  class { 'mit_krb5::logging':
    default      => 'FILE:/var/log/krb5libs.log',
    kdc          => 'FILE:/var/log/krb5kdc.log',
    admin_server => 'FILE:/var/log/kadmind.log'
  }
  mit_krb5::realm { 'ADS.BRIS.AC.UK':
    kdc          => 'ads.bris.ac.uk',
    admin_server => 'ads.bris.ac.uk'
  }
  mit_krb5::domain_realm { 'ADS.BRIS.AC.UK':
    domains => ['.ads.bris.ac.uk', 'ads.bris.ac.uk']
  }
}

Wednesday 7 January 2015

PAM configurations - RedHat/CentOS

On RedHat/CentOS systems linked to LDAP, users with UIDs smaller than 500 are not allowed to log on. Change the settings in the /etc/pam.d/system-auth file:
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
 auth        sufficient    pam_unix.so nullok try_first_pass
 auth        requisite     pam_succeed_if.so uid >= 500 quiet
 auth        sufficient    pam_ldap.so use_first_pass
 auth        required      pam_deny.so

 account     required      pam_unix.so broken_shadow
 account     sufficient    pam_succeed_if.so uid < 500 quiet
 account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
 account     required      pam_permit.so

 password    requisite     pam_cracklib.so try_first_pass retry=3
 password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
 password    sufficient    pam_ldap.so use_authtok
 password    required      pam_deny.so

 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
 session     optional      pam_ldap.so
Change 500 to 100 or some smaller number in the first (3rd) line and change the 'uid < 500' to 'uid > 100' in the second (7th).
To allow a user's home directory to be created automatically on login, add this line to the /etc/pam.d/common-account file:
# and here are more per-package modules (the "Additional" block)
session   required      pam_mkhomedir.so        umask=077
account      required      pam_krb5.so minimum_uid=1000
# end of pam-auth-update config

Tuesday 6 January 2015

Installing Puppet Module breaks foreman(proxy) - uninstall to fix!

#  puppet module install IvanBayan-krb5
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Warning: Cannot consider release puppet-krb5-0.0.2: Malformed dependency: ripienaar/concat. Exception was: Invalid 'version_range' field in metadata.json: Unparsable version range: ">=1"
Notice: Installing -- do not interrupt ...
/etc/puppet/modules
└─┬ IvanBayan-krb5 (v0.0.3)
  └── puppetlabs-concat (v1.0.0)
Oops, we're sorry but something went wrong
Warning! ERF12-4115 [ProxyAPI::ProxyException]: Unable to get classes from Puppet for testing ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy
If you feel this is an error with Foreman itself, please open a new issue with Foreman ticketing system, You would probably need to attach the Full trace and relevant log entries.
Just uninstall it!
#  puppet module uninstall IvanBayan-krb5
Notice: Preparing to uninstall 'IvanBayan-krb5' ...
Removed 'IvanBayan-krb5' (v0.0.3) from /etc/puppet/modules
What to do when you can't uninstall?
# puppet module install myrond-auto_update_debian
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppet/modules
└── myrond-auto_update_debian (v1.0.1)
You have new mail in /var/spool/mail/root
# puppet module uninstall myrond-auto_update_debian
Notice: Preparing to uninstall 'myrond-auto_update_debian' ...
Error: Could not uninstall module 'myrond-auto_update_debian' (v1.0.1)
  Installed module has had changes made locally
    Use `puppet module uninstall --ignore-changes` to uninstall this module anyway
# puppet module uninstall --ignore-changes myrond-auto_update_debian
Notice: Preparing to uninstall 'myrond-auto_update_debian' ...
Removed 'myrond-auto_update_debian' (v1.0.1) from /etc/puppet/modules
#

Monday 5 January 2015

Unable to install puppet on Debian Wheezy - Size mismatch

When I use the following command to install puppet client:
$ wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
$ sudo dpkg -i puppetlabs-release-precise.deb
$ sudo apt-get update
$ sudo apt-get install puppet
I get the following Size mismatch errors:
Get:1 http://cdn.debian.net/debian/ wheezy/main virt-what amd64 1.12-1 [12.9 kB]
Get:2 http://apt.puppetlabs.com/ precise/main facter all 2.3.0-1puppetlabs1 [85.5 kB]
Get:3 http://apt.puppetlabs.com/ precise/main hiera all 1.3.4-1puppetlabs1 [12.9 kB]
Get:4 http://apt.puppetlabs.com/ precise/main puppet-common all 3.7.3-1puppetlabs1 [1654 kB]
Get:5 http://apt.puppetlabs.com/ precise/main puppet all 3.7.3-1puppetlabs1 [9624 B]
Fetched 1775 kB in 0s (3117 kB/s)
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/f/facter/facter_2.3.0-1puppetlabs1_all.deb  Size mismatch
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/h/hiera/hiera_1.3.4-1puppetlabs1_all.deb  Size mismatch
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/p/puppet/puppet-common_3.7.3-1puppetlabs1_all.deb  Size mismatch
Failed to fetch http://apt.puppetlabs.com/pool/precise/main/p/puppet/puppet_3.7.3-1puppetlabs1_all.deb  Size mismatch
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
And no amount of --fix-missing and cache clearing and clean will resolve this issue:
apt-get install puppet --fix-missing
apt-get clean
rm /var/lib/apt/lists/*
rm /var/cache/apt/archives/partial/*
apt-get clean
apt-get update
It turns out that this is an issue in the puppetlabs-release-precise.deb package. So to fix this issue we need to download the SPECIFIC puppetlabs package - in this case for Debian Wheezy:
$ wget http://apt.puppetlabs.com/puppetlabs-release-wheezy.deb
$ dpkg -i puppetlabs-release-wheezy.deb
$ apt-get update
$ apt-get install puppet
All is then fine.