Posts filed under ‘Linux’
Using RHEL Subscription in Virtual Data Center.
Hi All
Recently I got an opportunity to work in a project that involved with RHEL 7.4 Deployment. This projects required several VM’s as it was intended to use Kubernetes on RHEL. In this post I am focusing on how to register the RHEL VM’s using the RHEL Virtual DataCenter Subscription licenses. In my case VMware was being used as the Hypervisor.
Once you procure the required license and RH Customer portal access is ready. You need to configure virt-who on one of the VM’s(This VM does not need to be the production VM , as I prefered in my case). Below steps will outline the process.
- On the newly created VM , you need to install the virt-who (using the RHEL Media as the REPO. This VM will be the virt-who host).
- Run the command subscription-managaer register
- Run the command subscription-manager idenetity.(Note down the value for Org ID as you will use it in the below steps)
- Browse to /etc/virt-who.d .
- In order to create the configuration file you could use the URL https://access.redhat.com/labs/virtwhoconfig/ as it provide a step-by-step wizard to create the required entries.
- Copy the the contents to a file in the folder mentioned in step-4
- name of the file should match with the configuration name in the file created by the wizard.(File extension should be .conf)
- Edit the virt-who file /etc/sysconfig/virt-who and add the below
VIRTWHO_INTERVAL=300
VIRTWHO_BACKGROUND=1
VIRTWHO_DEBUG=1 - Run the command virt-who –one-shot(This will verify the configuration parameter’s are correct)
- Then start the virt-who services(systemctl start virt-who)
- Run the command on the virt-who VM
subscription-manager attach –auto - On the remaining VM’s run
subscription-manager register
subscription-manager attach –auto. (You don’t need to configure virt-who services on the other VM’s)That’s it login to RHEL portal and verify that you could see the Hypervisor and the VM’s
NOTE1: When creating the virt-who.conf you need to provide a username & password who have access to your VCenter server .This user needs only a Read-Only Permission
NOTE2: For best practices you could configure 2 VM’s with virt-who services.
NOTE3: You should be able to see the ESXi host and the VM’s in the URL -https://access.redhat.com/management/systems. You need to ensure that the proper subscription has been entitled to both.
How to use the RHEL / CentOS Media as the Repository.
When you don’t have an active subscription with RHN , you will not be ale to install any packages via yum command. In that case the only way to overcome this situation is to use your installation CD or the binary CD you have downloaded from the RHEL website.
1.
#mount /dev/sr0 /mnt
2.Copy the media.repo file from the root of the mounted directory to /etc/yum.repos.d/ and set the permissions to something sane,
#cp /mnt/media.repo /etc/yum.repos.d/rhel7dvd.repo
#chmod 644 /etc/yum.repos.d/rhel7dvd.repo
3.Edit the new repo file, changing the gpgcheck=0 setting to 1 and adding the following 3 lines
enabled=1
baseurl=file:///mnt/ –> Here provide the mount point you used in Step1—>
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
4.
# yum clean all
# subscription-manager clean
5. Once the above steps are completed you could begin with your familiar yum installation.
NOTE: I have not tried these steps in CentOS , but I believe it is portable and applicable.
How to check the Physical Status of Network Card in Linux
On Linux servers the status of NIC cards cannot be determined via the ipconfig command alone , in that case you could use one of the below commands to get the required infromation
# mii-tool eth0
# cat /sys/class/net/eth0/operatestate
# ethtool eth0
# ip link ls dev eth0
Good Luck .
Cannot retreive metalink for repository epel
Hi
If some body receive the above error first you should check the connectivity and firewall issues and still if the problem persist.
Sample Error
You should edit the /etc/yum/repos.d/CentOS-base.repo or epel.repo
and change all the URL’s that pointing to https to http save the file
Restart the yum process.
Hint – Always start the yum process with debug switch ,which helps us in troubleshooting – ( yum -d6 update)
CentOS yum error 14: PCYURL ERROR 7 – “Failed to connect to 2a02:2498:1:3d:5054:ff:fed3:e9
Dear Folks
When you are trying to update the system with yum , you may come with the above error , In which the yum tool is trying to resolve the mirrorlist url’s via IPv6 Address.
What happens here is that when the yum is unable to resolve and reach the IPv4 address it end up trying the IPv6.
Hence if you face the similar issue , I would advice you to go through the below steps and identify the real cause.
Step 1 – Check whether you could resolve the URL (mirrorlist.centos.org) via nslookup or dig and get an IPV6 address.
If you fail at the above step check for the DNS configurations in /etc/resolv.conf
Step 2 – Check with the firewall team that they have allowed the ports 80 , 443 ,21 from the linux server.
In my case it was the firewall blockage.
I have been googling regarding the same issue and found out that several articles pointing to IPV6 saying that to disable it. Hence you could try that as a last resort , if the above steps did not succeed.
– edit the /etc/sysconfig/network and the /etc/sysconfig/network-scripts/ifcfg-eth* files to disable any entries pointing to IPv6
– edit /etc/sysctl.conf and put the below entries and reboot the server
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 =
– disable the ip6tables.
Good Luck
How to install only Security Updates on CentOS
Hi Folks
These commands are useful when you want to install only the sceurity updates in order to meet any compliance such as PCI
First you need to install the security plugin for the Yum
#yum install yum-security
Once it installed
#yum list-security —–> To check the security updates avaialable
#yum update –security ——> To install only the Securuty Updates.
Good Luck..
How to idenitfy a process ID using the TCP Port
Recently i had an issue in one of my linux machines, where I was unable to start the acronis_agent service which listens on TCP Port ;
Later I realised that already so many processes are listening on the TCP port.
To check the open connection for a TCP port
# netstat -an | grep 9876 ( In my case acronis_agent uses TCP 9876)
It was showing multiple connections………….
To check the PID(Process ID ) for all the sessions which are using the port 9876
#lsof -i TCP:9876
finally you could use the almighty command “kill -9 PID” …. boom everything became normal.
Linux Guide
Anyy body looking for a brief documentation on RHEL can make use of the below files , which I made for my linux class
Sendmail STARTTLS: read error=generic SSL error
I was having an issue with my sendmail server where I receives this error which will cause the sendmails logs grow drastically and fill the /var partition.
further it will stop the mail flow ( when /var partition is full)
So i wrote this bash script which does the following;
– look for this error in the maillog
– when it finds it will kill the sendmail process which is causing the sendmail to log multiple entries in the logfile and will restart the sendmail and syslog daemons.
anybody is welcome to give their comment on improvements or any drawbacks on this script good luck…….
#!/bin/bash
LAST=’last message’
SSL=”STARTTLS: read error=generic SSL error (0)”
S1=”0″
cp /var/log/maillog /home/muralee/log_check/maillog
grep “STARTTLS: read error=generic SSL error (0)” /home/muralee/log_check/maillog |awk ‘/sendmail/ {print $5}’ | tr -d [digit:]”sendmail[]” > records.txt
#grep “STARTTLS: read error=generic SSL error (0)” /home/muralee/maillog.1 |awk ‘/sendmail/ {print $5}’ | tr -d [digit:]”sendmail[]” > records.txt
results=$(wc -l records.txt | awk ‘/records/ {print $1}’)
if [[ $results -eq 0 ]];then
echo “Sendmail is Fine”
fi
if [[ $results -ne 0 ]]; then
pkill sendmail
/etc/init.d/sendmail restart
/etc/init.d/syslog restart
echo “Problem resolved”
cat /dev/null > records.txt
Hope you like it.. 