Missing NIC in cloned VirtualBox VM


If you ever hit the error 'Device eth0 does not seem to be present, delaying initialization' in a cloned VirtualBox VM, the fix is to remove the file /etc/udev/rules.d/70-persistent-net.rules and reboot the VM.

The reason is that the cloned VM generates new MAC addresses, which do not match the ones previously recorded by the kernel in the above file.
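To see which recorded entry no longer matches before deleting the file, the following added example (not from the original post) compares the MACs in the rules file with the NICs currently present. It assumes the rule format udev writes on CentOS 6 (ATTR{address}=="...", NAME="..."); the function name is hypothetical.

```bash
# Added example (not from the original post). Prints "NAME MAC" for every rule
# in a 70-persistent-net.rules file whose MAC belongs to no NIC now present.
stale_net_rules() {     # stale_net_rules RULES_FILE [SYS_NET_DIR]
    local rules="$1" sysnet="${2:-/sys/class/net}" present
    # MAC addresses of the interfaces the kernel currently exposes
    present=$(cat "$sysnet"/*/address 2>/dev/null | tr 'A-F' 'a-f')
    # Pull "MAC NAME" out of each rule line, then compare case-insensitively
    sed -n 's/.*ATTR{address}=="\([0-9A-Fa-f:]*\)".*NAME="\([^"]*\)".*/\1 \2/p' "$rules" |
    while read -r mac name; do
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        printf '%s\n' "$present" | grep -qxF "$mac" || echo "$name $mac"
    done
}
```

On the cloned VM, run `stale_net_rules /etc/udev/rules.d/70-persistent-net.rules`; a line for eth0 means the rule still points at the MAC of the original VM.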


Setup LDAP authentication in CentOS (openldap+sssd)


1) Install openldap server in CentOS 6.5

yum install -y openldap*

2) Copy the sample slapd.conf configuration

cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

3) Generate encrypted password for later use

slappasswd

4) Modify /etc/openldap/slapd.conf, using the encrypted password created in the previous step as the rootpw value.

#TLSCACertificatePath /etc/openldap/certs
#TLSCertificateFile "\"OpenLDAP Server\""
#TLSCertificateKeyFile /etc/openldap/certs/password

database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=mylab,dc=local" read
    by * none

database bdb
suffix "dc=mylab,dc=local"
checkpoint 1024 15
rootdn "cn=Manager,dc=mylab,dc=local"
rootpw {SSHA}TgnKeaT3EArzI1xqW/CpzmCRFa88xPS0
loglevel 256
sizelimit unlimited

5) Copy the sample DB_CONFIG file

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/
chmod 600 /var/lib/ldap/DB_CONFIG

6) Start service

service slapd start
chkconfig slapd on

7) Use the following two commands to verify. (The default LDAP port is 389)

netstat -ntlup | grep slapd
ps -ef | grep slapd

8) Generate a certificate pair for secured LDAP connection

openssl req -newkey rsa:2048 -x509 -nodes -out /etc/openldap/certs/ldap-pub.pem -keyout /etc/openldap/certs/ldap-pri.pem

chown ldap. /etc/openldap/certs/ldap*

9) Configure the olcDatabase={0}config.ldif file

cd /etc/openldap/slapd.d/cn=config

Add the following two lines into: olcDatabase\=\{0\}config.ldif

olcTLSCertificateFile: /etc/openldap/certs/ldap-pub.pem
olcTLSCertificateKeyFile: /etc/openldap/certs/ldap-pri.pem

10) Modify /etc/sysconfig/ldap to only allow secure ldap (ldaps)

SLAPD_LDAP=no
SLAPD_LDAPI=no
SLAPD_LDAPS=yes

11) Restart the slapd.

service slapd restart

12) Verify it (the secure LDAP port is 636, and only ldaps should appear in the 'ps -ef' output)

netstat -ntlup | grep slapd
ps -ef | grep slapd

13) Add OUs and users to your LDAP database.

Create /etc/openldap/base.ldif, then run the ldapadd command. The password is the one created in step 3).

ldapadd -x -D "cn=Manager,dc=mylab,dc=local" -f base.ldif -H ldaps://ldap.mylab.local -W

14) Use ldapsearch to query the LDAP database.

ldapsearch -x -D "cn=Manager,dc=mylab,dc=local" -H ldaps://ldap.mylab.local -W

15) Use ldapmodify to modify an existing value in the LDAP database. I include a sample here:

ldapmodify -D "cn=Manager,dc=mylab,dc=local" -f modify.ldif -H ldaps://ldap -W

16) Set up the openldap client

yum install -y openldap-clients sssd

17) Copy the public certificate generated in step 8) to /etc/openldap/cacerts on the client machine.

cp ldap-pub.pem /etc/openldap/cacerts/

18) Modify /etc/openldap/ldap.conf to add the following entries:

TLS_CACERTDIR /etc/openldap/cacerts
ssl start_tls
TLS_REQCERT allow
BASE dc=mylab,dc=local
URI ldaps://ldap.mylab.local/
HOST 192.168.56.11

19) Define your ldap URI in the sssd.conf

chmod 600 /etc/sssd/sssd.conf

Sample:  /etc/sssd/sssd.conf

20) Set up the ldap authentication

authconfig --enablesssd --enablesssdauth --enableldap --enableldapauth --enablemkhomedir --ldapserver=ldaps://ldap.mylab.local --ldapbasedn=dc=mylab,dc=local --enablelocauthorize --enableldaptls --update

21) Test by looking for the ldap user

getent passwd jchen
id jchen
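
The following added example (not part of the original post) audits the files this walkthrough edits: the client's certificate-checking level and URI from step 18, the listener switches from step 10, and the permissions of the private key from step 8. The function names are hypothetical, and `stat -c` assumes GNU coreutils as shipped on CentOS.

```bash
#!/bin/bash
# Added example (not from the original post): audit the settings this
# walkthrough touches. File paths are passed in so copies can be checked.

# Last value of a "KEY value" directive in an ldap.conf-style file.
conf_value() {          # conf_value FILE KEY
    awk -v k="$2" 'toupper($1) == toupper(k) { v = $2 } END { print v }' "$1"
}

# Last value of a KEY=value line in /etc/sysconfig/ldap.
sysconfig_value() {     # sysconfig_value FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# Client side (step 18): certificate checking and transport.
audit_ldap_client() {   # audit_ldap_client LDAP_CONF
    local reqcert uri rc=0
    reqcert=$(conf_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    uri=$(conf_value "$1" URI)
    case "${reqcert:-demand}" in    # unset means the default, demand
        demand|hard) ;;
        *) echo "WARN: TLS_REQCERT $reqcert does not require a valid server certificate"
           rc=1 ;;
    esac
    case "$uri" in
        ldaps://*) ;;
        *) echo "WARN: URI '$uri' is not ldaps://"; rc=1 ;;
    esac
    return $rc
}

# Server side (steps 8 and 10): listeners and private-key permissions.
audit_ldap_server() {   # audit_ldap_server SYSCONFIG_FILE KEY_FILE
    local rc=0 mode
    [ "$(sysconfig_value "$1" SLAPD_LDAP)" = no ] ||
        { echo "WARN: plaintext ldap:// listener is not disabled"; rc=1; }
    [ "$(sysconfig_value "$1" SLAPD_LDAPS)" = yes ] ||
        { echo "WARN: ldaps:// listener is not enabled"; rc=1; }
    mode=$(stat -c %a "$2")
    case "$mode" in
        ?00) ;;                     # owner-only, e.g. 600 or 400
        *) echo "WARN: $2 has mode $mode; group/other can access the key"; rc=1 ;;
    esac
    return $rc
}
```

On the hosts built above, run `audit_ldap_client /etc/openldap/ldap.conf` on the client and `audit_ldap_server /etc/sysconfig/ldap /etc/openldap/certs/ldap-pri.pem` on the server; the `TLS_REQCERT allow` line from step 18 is reported because with it the client proceeds even when the server certificate fails validation.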

Fix duplicated package ID in red hat satellite


Our Red Hat Satellite stopped syncing from the subscribed Red Hat channel. We turned debug on and found that it was caused by a duplicated package ID in the self-managed Oracle database. Here is how to fix it:

1) Turn on debug to find out the duplicated package ID.

echo "debug=7" >> /etc/rhn/rhn.conf

2) Run the sync, and monitor the log.

satellite-sync

tail -f /var/log/rhn/rhn_server_satellite.log

{\'package_id\': [97018, 97018, 97018, 97018, 97018, 97018, 97018…
SYNC ERROR: unhandled exception occurred: SYNC ERROR: unhandled exception occurred:

3) As shown above, the ID is 97018. Back up the database before making any changes.

rhn-satellite stop
db-control backup /var/satellite/DBBAK/2014-07-28
rhn-satellite start

4) Connect to Oracle, then remove the duplicated package.

(Optional, in case the ORACLE_SID has not been set up)
sudo su - oracle
. oraenv
ORACLE_SID = [/usr/bin/logname] ? rhnsat

Run sqlplus and execute the following SQL statements.

set feedback on;
delete from rhnChannelPackage where package_id=97018;
select count(*) from rhnChannelPackage where package_id=97018;
delete from rhnPackage where id=97018;
select count(*) from rhnPackage where id=97018;
commit;

5) Run the sync again to confirm it fixed the issue.

satellite-sync or satellite-sync -c channel_name

Apache Rewrite Rule Flags – NE


I was working on an Apache URL redirection request this morning. The task is to redirect the URL ‘^/example/1’ to ‘/#example1’. My first configuration is something like below. When I test it, the redirected URL becomes …/%23example1 instead of …/#example1.

RewriteRule ^/example/1(/)?$ %{HTTP_HOST}/#example1 [R,L,NC]

As you can see, the problem is that the redirection automatically converts the special character (#) to its hex code (%23). To avoid the conversion, the NE flag has to be applied to the rewrite rule.

RewriteRule ^/example/1(/)?$ %{HTTP_HOST}/#example1 [R,L,NC,NE]

BTW, curl is a better testing tool than a browser, because the browser may cache the redirect history. Check the Location value in the output of this command: curl -I -L http://…/example/1
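
The curl check above can be turned into a repeatable test. This is an added example, not part of the original post: it reads the header output of curl and fails when any redirect hop still has the fragment marker escaped as %23. The function names are hypothetical and www.example.com is a placeholder host in constructed sample data.

```bash
# Added example (not from the original post). Reads `curl -sI -L` output on
# stdin, prints the Location of every redirect hop, and returns 1 if any hop
# still carries an escaped fragment marker (%23), i.e. NE was not applied.
check_locations() {
    awk '
        { sub(/\r$/, "") }                  # curl prints headers with CRLF
        tolower($1) == "location:" {        # header names are case-insensitive
            sub(/^[^:]*:[ \t]*/, "")        # keep only the header value
            print
            if (index($0, "%23")) bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of what the first rule (without NE) returns;
# www.example.com is a placeholder host.
sample_without_ne() {
    printf 'HTTP/1.1 302 Found\r\nLocation: http://www.example.com/%%23example1\r\n\r\n'
}
```

Against a live server: `curl -sI -L http://…/example/1 | check_locations`, and use the exit status in a deployment check.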

Reference:

http://www.ascii.cl/htmlcodes.htm
https://httpd.apache.org/docs/2.2/rewrite/flags.html#flag_ne

DNF – The New YUM


It is said that DNF will replace YUM as the default package manager in Fedora 22. I have been using YUM since Fedora 9, so it may be time to learn something different now. I am using Fedora 20, which has DNF installed by default. If you don't have DNF installed, simply use yum to install it: sudo yum install dnf 🙂

DNF started as a fork of the YUM project in early 2012, and it now has a strong possibility of replacing YUM. The reasons are that DNF is faster, as it keeps the package metadata up to date all the time and uses a very solid depsolver that is developed and used by SUSE; DNF also supports more plugins and extensions.

Here are some interesting things to read:
Changes in DNF CLI compared to Yum
DNF blog

I compared the commands between YUM and DNF; the current DNF version has fewer commands available. I need to dig deeper to find out what is missing.

yum-3.4.3
Usage: yum [options] COMMAND

List of Commands:

autoremove Remove leaf packages
check Check for problems in the rpmdb
check-update Check for available package updates
clean Remove cached data
deplist List a package’s dependencies
distribution-synchronization Synchronize installed packages to the latest available versions
downgrade downgrade a package
erase Remove a package or packages from your system
fs Acts on the filesystem data of the host, mainly for removing docs/lanuages for minimal hosts.
fssnapshot Creates filesystem snapshots, or lists/deletes current snapshots.
groups Display, or use, the groups information
help Display a helpful usage message
history Display, or use, the transaction history
info Display details about a package or group of packages
install Install a package or packages on your system
langavailable Check available languages
langinfo List languages information
langinstall Install appropriate language packs for a language
langlist List installed languages
langremove Remove installed language packs for a language
list List a package or groups of packages
load-transaction load a saved transaction from filename
makecache Generate the metadata cache
provides Find what package provides the given value
reinstall reinstall a package
repo-pkgs Treat a repo. as a group of packages, so we can install/remove all of them
repolist Display the configured software repositories
search Search package details for the given string
shell Run an interactive yum shell
swap Simple way to swap packages, instead of using shell
update Update a package or packages on your system
update-minimal Works like upgrade, but goes to the ‘newest’ package match which fixes a problem that affects your system
updateinfo Acts on repository update information
upgrade Update packages taking obsoletes into account
version Display a version for the machine and/or available repos.

Options:
-h, --help show this help message and exit
-t, --tolerant be tolerant of errors
-C, --cacheonly run entirely from system cache, don't update cache
-c [config file], --config=[config file]
    config file location
-R [minutes], --randomwait=[minutes]
    maximum command wait time
-d [debug level], --debuglevel=[debug level]
    debugging output level
--showduplicates show duplicates, in repos, in list/search commands
-e [error level], --errorlevel=[error level]
    error output level
--rpmverbosity=[debug level name]
    debugging output level for rpm
-q, --quiet quiet operation
-v, --verbose verbose operation
-y, --assumeyes answer yes for all questions
--assumeno answer no for all questions
--version show Yum version and exit
--installroot=[path] set install root
--enablerepo=[repo] enable one or more repositories (wildcards allowed)
--disablerepo=[repo] disable one or more repositories (wildcards allowed)
-x [package], --exclude=[package]
    exclude package(s) by name or glob
--disableexcludes=[repo]
    disable exclude from main, for a repo or for
    everything
--disableincludes=[repo]
    disable includepkgs for a repo or for everything
--obsoletes enable obsoletes processing during updates
--noplugins disable Yum plugins
--nogpgcheck disable gpg signature checking
--disableplugin=[plugin]
    disable plugins by name
--enableplugin=[plugin]
    enable plugins by name
--skip-broken skip packages with depsolving problems
--color=COLOR control whether color is used
--releasever=RELEASEVER
    set value of $releasever in yum config and repo files
--downloadonly don't update, just download
--downloaddir=DLDIR specifies an alternate directory to store packages
--setopt=SETOPTS set arbitrary config and repo options
--bugfix Include bugfix relevant packages, in updates
--security Include security relevant packages, in updates
--advisory=ADVS, --advisories=ADVS
    Include packages needed to fix the given advisory, in
    updates
--bzs=BZS Include packages needed to fix the given BZ, in
    updates
--cves=CVES Include packages needed to fix the given CVE, in
    updates
--sec-severity=SEVS, --secseverity=SEVS
    Include security relevant packages matching the
    severity, in updates

dnf-0.5.2-1
usage: dnf [options] COMMAND

List of Main Commands

autoerase
check-update Check for available package upgrades
clean Remove cached data
distro-sync Synchronize installed packages to the latest available versions
downgrade downgrade a package
erase Remove a package or packages from your system
group Display, or use, the groups information
help Display a helpful usage message
history Display, or use, the transaction history
info Display details about a package or group of packages
install Install a package or packages on your system
list List a package or groups of packages
makecache Generate the metadata cache
provides Find what package provides the given value
reinstall reinstall a package
repolist Display the configured software repositories
repository-packages Run commands on top of all packages in given repository
search Search package details for the given string
upgrade Upgrade a package or packages on your system
upgrade-to Upgrade a package on your system to the specified version

optional arguments:
--allowerasing allow erasing of installed packages to resolve
    dependencies
-b, --best try the best available package versions in
    transactions.
-C, --cacheonly run entirely from system cache, don't update cache
-c [config file], --config [config file]
    config file location
-R [minutes], --randomwait [minutes]
    maximum command wait time
-d [debug level], --debuglevel [debug level]
    debugging output level
--debugsolver dumps detailed solving results into files
--showduplicates show duplicates, in repos, in list/search commands
-e ERRORLEVEL, --errorlevel ERRORLEVEL
    error output level
--rpmverbosity [debug level name]
    debugging output level for rpm
-q, --quiet quiet operation
-v, --verbose verbose operation
-y, --assumeyes answer yes for all questions
--assumeno answer no for all questions
--version show Yum version and exit
--installroot [path] set install root
--enablerepo [repo]
--disablerepo [repo]
-x [package], --exclude [package]
    exclude packages by name or glob
--disableexcludes [repo]
    disable excludes
--obsoletes enable obsoletes processing during upgrades
--noplugins disable all plugins
--nogpgcheck disable gpg signature checking
--disableplugin [plugin]
    disable plugins by name
--color COLOR control whether color is used
--releasever RELEASEVER
    override the value of $releasever in config and repo
    files
--setopt SETOPTS set arbitrary config and repo options
--refresh
-h, --help show help