sudo: effective uid is not 0, is sudo installed setuid root
When messing with ACLs you may come across a situation where sudo stops working. In particular, when you type sudo you may see the error "sudo: effective uid is not 0, is sudo installed setuid root".
To diagnose the issue
Step1:
Check the /etc/sudoers file to confirm that you have added the group or the user name, e.g. for user abc:
abc ALL=(ALL) NOPASSWD: ALL
Step2: If the output of Step 1 is correct, check the permissions on sudo as below (output of a working sudo):
# ls -l /usr/bin/sudo
---s--x--x 2 root root 190904 Mar 4 18:21 /usr/bin/sudo
# stat /usr/bin/sudo
…
Access: (4111/---s--x--x) Uid: ( 0/ root) Gid: ( 0/ root)
If the output of Step 2 does not match yours, you can reset the permissions to the defaults:
# rpm --setperms sudo
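The Step 2 check as a script (an added example, not part of the original post). Beyond the post, it also flags a group- or world-writable binary and a nosuid mount, which produces the same error; the function names are hypothetical, and check_sudo assumes GNU stat and findmnt are available.

```shell
#!/bin/sh
# Added example, not from the original post.
# diagnose_sudo MODE OWNER_UID [MOUNT_OPTS]
#   MODE        octal mode as printed by `stat -c %a` (e.g. 4111)
#   OWNER_UID   numeric owner as printed by `stat -c %u`
#   MOUNT_OPTS  comma-separated mount options of the filesystem (optional)
# Prints one line per problem, or "ok"; returns 1 if anything is wrong.
diagnose_sudo() {
    mode=$1 uid=$2 opts=${3:-}
    rc=0
    if [ "$uid" -ne 0 ]; then
        echo "owner uid is $uid, expected 0 (root)"; rc=1
    fi
    # 04000 is the setuid bit; a leading 0 makes the shell read MODE as octal.
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "setuid bit is not set (mode $mode); the post's fix: rpm --setperms sudo"; rc=1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "binary is group- or world-writable (mode $mode)"; rc=1
    fi
    case ",$opts," in
        *,nosuid,*) echo "filesystem is mounted nosuid, so the setuid bit is ignored"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "ok"; fi
    return "$rc"
}

# check_sudo [PATH]: gather the live values and run the diagnosis.
check_sudo() {
    bin=${1:-/usr/bin/sudo}
    st=$(stat -c '%a %u' "$bin") || return 2
    opts=$(findmnt -n -o OPTIONS -T "$bin" 2>/dev/null)
    diagnose_sudo "${st% *}" "${st#* }" "$opts"
}

# Constructed values matching the working output shown in Step 2.
diagnose_sudo 4111 0 "rw,relatime"
```

Run check_sudo on the affected host; it needs no root privileges because it only reads file metadata.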
VMware PowerCLI
In this post, I am going to cover the PowerCLI module for VMware. Whenever I come across a new cmdlet, I will update this post.
First things first: you need to install PowerCLI. Windows PowerShell now has the VMware PowerCLI module available, so you can simply install it with:
PS> Install-Module -Name VMware.PowerCLI
Then import it before using PowerCLI.
# To verify the version:
PS> Get-PowerCLIVersion
# To log in to vCenter
PS> Connect-VIServer -Server "vcenterhostname"
# To suppress the certificate warning/error (PowerCLI then accepts invalid or untrusted server certificates)
PS> Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
# To list the VMs with their creation date
PS> Get-VM | fl Name,CreateDate
How to configure / re-configure IPMI using ipmitool in ESXi
This post covers the steps needed to assign or change the IP address for IPMI without logging in to the IPMI portal or restarting the server. The tool we are going to use is ipmitool, which is built in to ESXi.
To get the current IPMI IP details:
# /ipmitool lan print 1
[root@esxi]# /ipmitool lan set 1 ipsrc static
[root@esxi]# /ipmitool lan set 1 ipaddr x.x.x.x
Setting LAN IP Address to x.x.x.x
[root@esxi]# /ipmitool lan set 1 netmask x.x.x.x
Setting LAN Subnet Mask to x.x.x.x
[root@esxi]# /ipmitool lan set 1 defgw ipaddr x.x.x.x
Setting LAN Default Gateway IP to x.x.x.x
[root@esxi]# /ipmitool lan set 1 defgw macaddr xx:xx:xx:xx:xx:xx
Setting LAN Default Gateway MAC to xx:xx:xx:xx:xx:xx
[root@esxi]# /ipmitool lan set 1 arp respond on
Enabling BMC-generated ARP responses
[root@esxi]# /ipmitool lan set 1 snmp public
Setting LAN SNMP Community String to public
Change the IPMI Password
[root@esxi]# /ipmitool user list (Note down the user ID; in my case it is 2)
[root@esxi]# /ipmitool user set password 2
[root@esxi]# /ipmitool lan set 1 access on
Update1:
To recreate the SSL certificate (in case the IPMI page's self-signed certificate has expired):
./ipmitool raw 0x30 0x68 0x0
Source: https://portal.nutanix.com/#page/kbs/details?targetId=kA0600000008db6CAA
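The commands above leave the BMC with the SNMP community string public. An added example (not part of the original post) that audits `ipmitool lan print 1` output for that setting and, going beyond the post, for a NONE authentication type enabled at any privilege level; the sample output and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_ipmi_lan: read `ipmitool lan print <channel>` output on stdin and
# print one WEAK line per finding; returns 1 if there is any finding.
audit_ipmi_lan() {
    awk -F' *: *' '
        $1 != "" { key = $1 }            # continuation rows have an empty key
        { sub(/ +$/, "", $NF) }          # trim trailing blanks on the value
        key == "SNMP Community String" && ($2 == "public" || $2 == "private") {
            print "WEAK snmp-community=" $2; n++
        }
        key == "Auth Type Enable" && $3 ~ /(^| )NONE( |$)/ {
            print "WEAK auth-none level=" $2; n++
        }
        END { exit (n > 0) }
    '
}

# Constructed sample output: SNMP community as set in the post, plus a NONE
# auth type at Callback level (assumed for illustration).
sample_lan_print() {
    cat <<'EOF'
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : NONE MD2 MD5 PASSWORD
                        : User     : MD2 MD5 PASSWORD
                        : Operator : MD2 MD5 PASSWORD
                        : Admin    : MD2 MD5 PASSWORD
IP Address Source       : Static Address
IP Address              : 192.0.2.10
Subnet Mask             : 255.255.255.0
SNMP Community String   : public
Default Gateway IP      : 192.0.2.1
EOF
}

sample_lan_print | audit_ipmi_lan || true
```

On a live host, pipe the real output in instead: /ipmitool lan print 1 | audit_ipmi_lan. The community string is changed with the same `lan set 1 snmp` command shown in the post.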
How can I create a disk partition on a disk that is greater than 2TB in size on Red Hat Enterprise Linux?
When you need to partition a disk that is larger than 2 TB, you must use the parted utility instead of fdisk. In this example I am referring to my disk as /dev/sdj.
# parted /dev/sdj
Using /dev/sdj
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted)
(parted) mklabel ----> This will create a GPT label on the disk.
Warning: The existing disk label on /dev/sdj will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? Yes
New disk label type? [gpt]? gpt
(parted)
(parted) print
Model: Linux device-mapper (dm)
Disk /dev/sdj: 5662310.4MB ----> (Note down this value, as we will be using it in the commands below)
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
Create the partition:
(parted) mkpart primary 0 5662310.4MB
(parted) print ----> Use this command to verify the partition created.
Unlike fdisk, you don't need to issue a write command to save the changes. Simply type quit to exit from the parted utility. Thereafter, you can proceed with the file system creation.
Root Cause
The fdisk command only supports the legacy MBR partition table format (also known as the msdos partition table).
* MBR partition tables use data fields that have a maximum of 32-bit sector numbers, and with 512 bytes/sector that means a maximum of 2^(32+9) bytes per disk or partition is supported.
* MBR partition tables cannot support accessing data on disks past 2.19TB due to the above limitation.
Note that some older versions of fdisk may permit a larger size to be created but the resulting partition table will be invalid.
The parted command can create disk labels using MBR (msdos), GUID Partition Table (GPT), SUN disk labels and many more types.
* The GPT disk label overcomes many of the limitations of the DOS MBR including restrictions on the size of the disk, the size of any one partition and the overall number of partitions.
* Note that booting from a GPT labelled volume requires firmware support and this is not commonly available on non-EFI platforms (including x86 and x86_64 architectures).
How to download ISO/Disk Images from Nutanix Image Service.
Hi Folks
Unlike vCenter, there is no straightforward method to download the ISOs or disk images you have uploaded to the Image Service. (In vCenter, you can both upload and download files from the datastore.)
In Nutanix AHV, you need to run the below commands to achieve the same result. (As per Nutanix, this needs to be done under Nutanix Support only.)
# Log in to any of the CVMs.
# nuclei image.list ----> This will list all the images with the UUID
###### EXAMPLE OUTPUT ######
Name UUID State
MyISO yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy COMPLETE
###### EXAMPLE OUTPUT ######
# nuclei image.get yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy ----> Get the cluster UUID.
###### EXAMPLE OUTPUT ######
current_cluster_reference_list:
- kind: cluster
  uuid: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
###### EXAMPLE OUTPUT ######
# ncli multicluster get-cluster-state | grep -C5 <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> ----> This will get the cluster name:
###### EXAMPLE OUTPUT ######
Cluster Id : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Cluster Name : MYCLUSTER
Is Multicluster : false
Controller VM IP Addre… : [x.x.x.x. …………………………………….]
External or Masqueradi… : y.y.y.y (Cluster IP)
###### EXAMPLE OUTPUT ######
NOTE: The above commands are used when you are managing multiple clusters via PC and you need to find out in which cluster the image is stored.
Thereafter, run the below command from your workstation (you must have curl installed, and the command must be run from the bin folder where curl is installed). Note that -k skips TLS certificate verification and -u admin prompts for the password.
curl-7.68.0-win64-mingw\bin>curl -k -u admin -X GET --header "Accept: application/json" "https://y.y.y.y:9440/api/nutanix/v3/images/ac799d52-60e3-448f-a0f9-d4de756b0d01/file" --output SQL.iso
Update1: The curl command syntax has been updated.
How to install and configure LAPS
Recently, we had to deploy LAPS in one of our client environments. The requirement was to centrally manage the local administrator password of all the domain-joined workstations / servers. I used the below guides to complete the installation. (Kudos to the blog owners.)
Source1:
https://scripting.rocks/sysadmin/laps/
Source2:
https://vands.pro/wp-content/uploads/2019/12/step-by-step-guide-to-deploy-microsoft-laps-1.pdf
(via: prajwaldesai.com).
In addition to the above, you may come across the below issues.
- Unable to configure the Group Policy using the LAPS Administrator Template, or the LAPS Administrator Templates are missing.
Solution: You need to run the LAPS installation on the DC, remove all the options and select only "GPO editor templates".
- Manual password reset via the Fat Client / command line is not working.
Solution: You need to run gpupdate after the manual password reset on the computer where you are changing the password.
Good Luck.
Nutanix Command Library
I have decided to write this post to record all the Nutanix commands that we rarely use in our routine work but that are essential for better understanding the environment. All these commands can be run from any CVM unless I specify otherwise.
How to identify the Acropolis Master in an AHV Cluster.
# links -dump http:0:2030
How to identify the Prism Leader
# curl http://0:2019/prism/leader && echo
How to disable/enable HA on a VM. (By default all the VMs are protected with HA.)
+ Log in to a CVM and then type "acli"
# vm.update "VM Name" ha_priority=-1 (To disable HA)
# vm.update "VM Name" ha_priority=0 (To enable HA)
# vm.get "VM Name" - To confirm the change. By default, you will not see the ha_priority field unless you disable and then enable it manually.
How to find out the BIOS version on all the hosts.
# In the CVM (hostips lists the host IPs)
for i in $(hostips); do echo "ESX $i"; ssh root@"$i" 'smbiosDump | head | grep Version' 2>/dev/null; done
How to create a RHEL 7 template in vSphere ESXi 6.7
Unlike for Windows, RHEL-based template creation requires additional steps to make it work. During this process, I came across very valuable information on the linuxtechi blog. I am summarizing those steps along with some additional steps that I followed during the whole process. (I am not adding the steps that you need to follow in ESXi to convert a VM into a template.)
Source: https://www.linuxtechi.com/create-vm-template-ovirt-environment/
Environment Details:
- RHEL 7.3
- ESXi 6.7
+ Create a RHEL 7.3 VM
+ Install the Operating System and all other Packages needed.
+ Run yum update (if you have a valid RHEL subscription).
Thereafter, we need to generalize the VM by removing any VM-specific configuration, as below:
+ Remove the SSH host keys
# rm -f /etc/ssh/ssh_host_*
+ Clear the history
# history -c
+ Clear Yum
# yum clean all
Update#1: If the sys-unconfig command does not work, you must use the virt-sysprep command. Detailed steps can be found in the below article:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-guest_virtual_machine_disk_access_with_offline_tools-using_virt_sysprep
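A check that the generalization steps above actually took effect before the VM is converted to a template (an added example, not part of the original post). It assumes bash's default history file ~/.bash_history and the RHEL 7 yum cache under /var/cache/yum; the function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# template_residue ROOT: list per-machine artifacts still present under ROOT
# (the template's root filesystem; "/" when run inside the VM itself).
# Prints "<kind> <path>" per finding and returns 1 if anything was found.
template_residue() {
    root=${1%/}
    found=0
    # Host keys left in place would be shared by every clone of the template.
    for f in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$f" ]; then echo "ssh-host-key ${f#"$root"}"; found=1; fi
    done
    # Assumption: bash default history file location.
    for h in "$root"/root/.bash_history "$root"/home/*/.bash_history; do
        if [ -s "$h" ]; then echo "shell-history ${h#"$root"}"; found=1; fi
    done
    if [ -d "$root/var/cache/yum" ] &&
       [ -n "$(find "$root/var/cache/yum" -type f | head -n 1)" ]; then
        echo "yum-cache /var/cache/yum"; found=1
    fi
    return "$found"
}

# Constructed demo tree standing in for a VM that was not generalized.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/ssh" "$d/root" "$d/var/cache/yum/x86_64"
    : > "$d/etc/ssh/ssh_host_rsa_key"
    echo "yum update" > "$d/root/.bash_history"
    : > "$d/var/cache/yum/x86_64/primary.sqlite"
    echo "$d"
}

demo=$(make_demo_tree)
template_residue "$demo" || true
rm -rf "$demo"
```

Inside the VM, run template_residue / as root just before shutdown; an empty result with exit status 0 means none of the three artifact types remain.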
NOTE: A VM Customization Specification is mandatory to avoid the VMs getting the same hostids. Steps are as below:
+ Log in to vCenter.
+ Open Policies & Profiles.
+ Select VM Customization Specification.
+ Provide the details , based on your environment.
+ In the Network screen , select “Manually Select Custom Settings”.
+ Click on Add.
+ In the IPv4 section, select "Prompt the user for an IPv4 address when the specification is used".
Good Luck.
Cannot open mailbox features in ECP
Sometimes you may receive the below error when you try to access the mailbox features for a mailbox via ECP.

In this situation the Exchange server version is 2016 and it happened only on a single mailbox.
After several hours of troubleshooting we came to know that this could happen if the mailbox is in a quarantined state. (During this problem the user will not be able to access his mailbox, neither from Outlook nor from any other client.)
(You can refer to https://www.nucleustechnologies.com/blog/how-to-fix-exchange-mailbox-quarantine-issue/ to get an idea of the possible causes for a mailbox to go into quarantined mode.)
To confirm this we ran the below command via the Exchange PowerShell:
Get-Mailboxstatistics -identity "Test User" | fl Isquarantined
The output was True, so we could confirm his mailbox was in a quarantined state.
To disable the quarantine state we ran the below command:
Disable-MailboxQuarantine "Test User"
Unfortunately for us, the user's mailbox went into quarantine mode again after a few minutes. Thus we tried to repair the mailbox using the below command:
New-MailboxRepairRequest -Mailbox test@test.local -CorruptionType ProvisionedFolder,SearchFolder,AggregateCounts,Folderview
In our situation even the repair did not solve the issue and we had to recreate the mailbox. I am sharing the above steps as they could help somebody avoid the need to recreate the mailbox.
Good Luck.